wesponsibull discwosuwe powicy~

ur effowts to hewp us keep ouw sewvices safe and secu-wure awe gweatwy appweciated! >w<

ouw pwomise~

at itgoit, we considew da secuwity of ouw systummies a top pwiowity. howeveh, no mattew how much effowt we put into system secuwity, thewe can stiww be wittle booboos pwesent. if u discovew a booboo, we wouwd wike to knyow about it so we can take steps to fixy-wixy it as quickwy as possibull. we wouwd wike to ask u to hewp us bettew pwotect ouw cwients and ouw systummies. owo

how to wepowt a wittle booboo~

p-pwease send ur findies by cwicking da button bewow~. we weawwy, weawwy encouwage u to encwypt ur message using our OwOpenPGP key to pwotect da info. pwease fowwow da wules bewow: >w<

  • pwovide enuff info so we can undewstand da pwoblem, so we can fixy-wixy it as fast as possibull. da ip addwess ow url of da system and a descwiption of ur findies awe often enuff. howeveh, fow compwex pwobwems, mowe info might be nyecessawy.
  • weave ur contact detaiws so we can get in touch with u~.
  • wepowt ur findies to us as soon as possibull aftew discovewy.
  • pwease don't shawe info about ur findies with anyonye except da designated peopwe at itgoit.
  • handwe da knowwedge of ur findies with cawe and onwy use it to infowm us of wut u have discovewed. owo

wepowt via emaiw~

scopey-wopey

in scopey~

  • Any domainy-womainy ow sewvice diwectwy ownyed by ITGOIT, wike itgoit.nl and its subby-wubby domains~.
  • Ouw customew-facing webby appsies and APIs, nya~.
  • Ouw backy-wacky infwastwuctuwe dat diwectwy suppowts in-scopey sewvices, hehe~.

wut u don't nyeed to wepowt (out of scope booboos)

  • cwiccy-jaccy on pages with no sensitive actionsies.
  • csw-fwuff fow nyon-significant actions.
  • cows misconfiguwations when da cwedentiaws headew is nyot set.
  • missing http secuwity headews dat don't diwectwy wead to a booboo.
  • missing best pwactices in ssw/tws configuwation. oopsie!
  • missing best pwactices in content secuwity powicy.
  • missing emaiw best pwactices (invawid, incompwete, ow missing spf/dkim/dmawc wecowds, etc.).
  • missing cookie fwaggies on cookies dat don't howd session ow othew sensitive infowmation.
  • infowmation discwosuwe defauwt exposed config fiwes with no sensitive data.
  • owopen wediwec booboos dat don't demonstwate additionyaw secuwity impact.
  • content spoofy-woofies and text injection issues without showing an attacky-wacky vectow.
  • host headew injection with no demonstwabull impact. :(
  • booboos wepowted showtwy aftew theiw pubwic wewease (pwease awwow a weasonabull time for fixies).
  • booboo wepowts fwom automated toows without vawidation. nya~

safe hawbow~ >.<

we considew activities conducted consistent with dis powicy to constitute authowized conduct. to da extent ur activities awe consistent with dis powicy, we wiww nyot initiate a wawsui-wuit ow waw enfowcement investigation against u in wesponse to ur wepowt. we hope dat u wiww, in tuwn, nyot engage in any wegaw action against itgoit. pwease be nice~