-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathsecurity.txt.template
33 lines (26 loc) · 1.76 KB
/
security.txt.template
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
# Original version by Casey Ellis and Chris Raethke, 10/19/16
## How this works...
# The security.txt file should be placed at / of the website directory.
## Domain-wide rules
# Security.txt allows nomination of security testing rules for other hosts within the same domain *only* if it it is placed on the www and/or root website for that domain (i.e. www.company.com/ or company.com/)
## Rule priority
# Rules which affect the website on which the file is placed will be given priority over domain-wide rules (e.g. an Allow rule placed on https://host1.company.com will override a Disallow rule placed on https://company.com/)
# Allow/Disallow rules are firewall-style, processed top down. The most permissive rules should be placed at the bottom.
Disallow: pages.bugcrowd.com
Disallow: forum.bugcrowd.com
Disallow: docs.bugcrowd.com
Disallow: https://bugcrowd.com/?preview
Allow: *
# Crawl delay provides a guide for throttling automated scanners (1-120).
Crawl-delay: 1
# Reports should be sent to the email address or https page/endpoint nominated in this variable.
# Blank = [email protected]
Report-to: https://bugcrowd.com/bugcrowd/report
# Legal terms relating to security testing, including details of any incentive, are found below. Security rearchers should read these before commencing activity.
Terms: https://bugcrowd.com/bugcrowd
# Sitemap of the website where this file resides.
Sitemap: https://bugcrowd.com/sitemap.xml
# Disallow specific user agents which are of no interest to your organization.
Disallow-user-agent: Acunetix
# If your company would like to encourage testing of non-web targets (e.g. mobile applications), provide a link to the page which contains details of these targets here. Otherwise, leave blank.
# Other-targets: https://company.com/security/targets