How do I report a security vulnerability?

Report security issues via the website contact method or email listed on the site. Include a clear description of the issue, steps to reproduce, potential impact, and relevant screenshots or logs.

What security testing is allowed?

Limited, non-destructive testing is allowed including: identifying common web vulnerabilities (XSS, CSRF, auth issues), checking for misconfigurations that expose data, and testing rate limits in a reasonable way.

What activities are prohibited?

Prohibited activities include: accessing, modifying, or deleting data that isn't yours; disrupting service availability; social engineering or phishing; credential stuffing or brute force attacks; exfiltrating secrets; and publicly disclosing vulnerabilities before they're fixed.

What is the safe harbor policy?

If you follow this policy, act in good faith, and avoid privacy violations and disruption, no legal action will be pursued against you for your security research.

What is the response timeline for vulnerability reports?

Reports are acknowledged within 7 days, status updates are provided as progress is made, and valid issues are fixed or mitigated within a reasonable timeframe depending on severity.

What is covered by this security policy?

This policy covers the website and its hosted pages, public demos, bots, and tools linked from the site. Third-party services, platforms, or links not owned or controlled by Divesh Lab may be out of scope.

Security Policy
‍

Effective Date: 1st February 2026

I take security seriously and appreciate responsible reports from the community. This policy explains how to report vulnerabilities on this website and any related demos, bots, or tools (“Services”).

1. Report a vulnerability

Please report security issues via my website contact method (or the email listed on the site). Include:

A clear description of the issue and where you found it
Steps to reproduce (proof-of-concept is helpful)
The potential impact (what could happen)
Screenshots/logs (if relevant)

‍

2. What’s allowed (good-faith testing)

You may perform limited, non-destructive testing to confirm a vulnerability, such as:

Identifying common web vulnerabilities (e.g., XSS, CSRF, auth issues)
Checking for misconfigurations that expose data
Testing rate limits in a reasonable way

‍

3. What’s not allowed

Please do not:

Access, modify, delete, or download data that isn’t yours
Attempt to disrupt service availability (DoS/DDoS, heavy scanning, request floods)
Use social engineering, phishing, or physical attempts
Attempt credential stuffing, brute force, or bypassing authentication
Exfiltrate secrets (API keys, tokens), or publish exploit code for active issues
Publicly disclose a vulnerability before it’s fixed or without permission

‍

4. Safe harbor

If you:

Follow this policy,
Act in good faith,
Avoid privacy violations and disruption,

I will not pursue legal action against you for your security research.

‍

5. Response timeline

I aim to:

Acknowledge reports within 7 days
Provide a status update as progress is made
Fix or mitigate valid issues within a reasonable timeframe (severity-dependent)

‍

6. Scope

This policy covers:

This website and its hosted pages
Public demos, bots, and tools linked from this site

Anything not owned/controlled by me (third-party services, platforms, or links) may be out of scope.

‍

7. Credits (optional)

If you’d like, I can credit you publicly once the issue is resolved—just mention your preferred name/handle in your report.

‍

Security Policy
‍

1. Report a vulnerability

2. What’s allowed (good-faith testing)

3. What’s not allowed

4. Safe harbor

5. Response timeline

6. Scope

7. Credits (optional)

Get in Touch

Legal

Security Policy‍

1. Report a vulnerability

2. What’s allowed (good-faith testing)

3. What’s not allowed

4. Safe harbor

5. Response timeline

6. Scope

7. Credits (optional)

Get in Touch

Legal

Security Policy
‍