
Indya Responsible Disclosure Policy

At Indya, we take the security of our systems seriously, and it is our constant endeavour to make our website a safe place for our customers to use. However, in the rare case when a security researcher or member of the general public identifies a vulnerability in our systems and responsibly shares the details of it with us, we appreciate their contribution and work closely with them to address any reported issue with urgency. Further, we are happy to acknowledge your contributions publicly.

How to report a bug?

    If you happen to have identified a vulnerability on any of our web properties, we request you to follow the steps outlined below:

  • Please contact us immediately by sending an email to security@houseofindya.com with the necessary details to recreate the vulnerability scenario. This may include screenshots, videos or simple text instructions.
  • Please share your contact details (email, phone number), so that our security team can reach out to you if further inputs are needed to identify or close the problem.
  • Do provide enough information to reproduce the problem, so we will be able to resolve it as quickly as possible.
  • Do not reveal the problem to others until it has been resolved.
  • Do not use attacks on physical security, social engineering, distributed denial of service, spam, etc.

Eligibility

Generally speaking, any bug that poses a significant vulnerability could be eligible for recognition, but it is entirely at our discretion to decide whether a bug is significant enough to be eligible for recognition. Security issues that would typically be eligible are listed under Vulnerability Categories.

Vulnerability Categories:

  • Cross-Site Request Forgery (CSRF)
  • Cross-Site Scripting (XSS)
  • Code Executions
  • SQL injections
  • Server-Side Request Forgery (SSRF)
  • Privilege Escalations
  • Authentication Bypasses
  • File inclusions (Local & Remote)
  • Protection Mechanism bypasses (CSRF bypass, etc.)
  • Leakage of sensitive data
  • Directory Traversal
  • Payment manipulation
  • Administration portals without authentication mechanism
  • Open redirects which allow stealing tokens/secrets

Rules

  • Don't violate the privacy of other users, destroy data, disrupt our services, etc.
  • Only target your own accounts in the process of investigating any bugs/findings. Don't target, attempt to access, or otherwise disrupt the accounts of other users.
  • Don't target our physical security measures, or attempt to use social engineering, spam, distributed denial of service (DDoS) attacks, etc.
  • In case you find a severe vulnerability that allows system access, you must not proceed further.
  • It is Indya's decision to determine when and how bugs should be addressed and fixed.
  • Disclosing bugs to a party other than Indya is forbidden; all bug reports are to remain at the reporter's and Indya's discretion.
  • Threats of any kind will automatically disqualify you from participating in the program.
  • Exploiting or misusing the vulnerability for your own or others' benefit will automatically disqualify the report.
  • Bug disclosure communications with Indya's Security/Technology Team are to remain confidential. Researchers must destroy all artifacts created to document vulnerabilities (PoC code, videos, screenshots) after the bug report is closed.

Acknowledgements

    We are not part of a cash/bug bounty program but are happy to issue a certificate of recognition to individuals who report security issues responsibly and help us make Indya's systems more secure.

Contributors - Indya Responsible Disclosure Program

    Indya would like to thank all individuals who have discovered and reported vulnerabilities in Indya's systems as per the responsible disclosure program. We sincerely appreciate the efforts of each individual listed below and we thank them for their technical skills, security knowledge, and constructive engagement with Indya.
