
Bug Bounty Program, Customer Portal Security Testing

  • Posted 3 weeks ago
  • North America (USA, Canada)

Program description

We are launching a private bug bounty program to test the security of our customer portal (https://portal.example.com). The goal is to identify critical vulnerabilities before we move to the public launch phase.

We invite ethical hackers to test our application, focusing primarily on:

  • Authentication & Session Management

  • Access Control Issues

  • SQL Injection, XSS, CSRF

  • Business Logic Errors

  • Sensitive Data Exposure


The target is a web application hosted on AWS, with REST APIs and a mobile companion app (Android only, APK provided upon acceptance).

Out-of-scope assets:

  • https://blog.example.com

  • Internal admin tools not publicly accessible

  • Social engineering and DoS attacks