Help Secure Dating Positive

We take security seriously and invite ethical hackers & security researchers to help us make Dating Positive safer for everyone. While we do not currently offer financial rewards, we recognize and appreciate all contributions. As our platform grows, we will frequently update this page.

How You Can Help

If you find a vulnerability, please report it to security@datingpositive.com. Provide a detailed explanation, proof of concept (PoC), and any necessary replication steps.

Common Security Vulnerabilities We’re Monitoring

We encourage researchers to focus on identifying the following vulnerabilities:

  1. SQL Injection (SQLi) – Exploiting database vulnerabilities.
  2. Cross-Site Scripting (XSS) – Injecting malicious scripts into web pages.
  3. Cross-Site Request Forgery (CSRF) – Forcing users to execute unwanted actions.
  4. Broken Authentication – Weak login security and session hijacking risks.
  5. Security Misconfigurations – Improper settings or default credentials.
  6. Insecure Direct Object References (IDOR) – Unauthorized access to sensitive data.
  7. Insecure API Endpoints – Leaking sensitive data via poorly secured APIs.
  8. Open Redirects – Redirecting users to malicious sites.
  9. Privilege Escalation – Gaining higher access levels improperly.
  10. Insecure File Uploads – Uploading malicious files that compromise security.
  11. Clickjacking – Tricking users into clicking hidden elements.
  12. Rate Limiting Bypass – Circumventing limits on login attempts or form submissions.
  13. Server-Side Request Forgery (SSRF) – Abusing server-side functionality to access internal services.
  14. Session Hijacking – Taking over user sessions through cookies or tokens.
  15. Unvalidated Redirects & Forwards – Redirecting users to harmful URLs.
  16. Weak Password Policies – Allowing easily guessable passwords.
  17. Improper Access Controls – Unrestricted access to sensitive functions.
  18. Exposed Sensitive Data – Leaking user information via improper encryption.
  19. Man-in-the-Middle (MitM) Attacks – Intercepting communications between users and servers.
  20. Dependency & Library Vulnerabilities – Outdated or insecure third-party components.

Rules & Guidelines

Submit a Report

To report a vulnerability, email security@datingpositive.com with:

We aim to respond within **48 hours** and appreciate your help in making Dating Positive safer! 🚀