You are managing a bug bounty program for a financial services institution. A researcher submits a report detailing a vulnerability that allows unauthorized access to customer accounts by exploiting an insecure API endpoint. What is the first recommended action you should take in handling this report?
Inform the researcher that you will get back to them after further assessment.
Publicly disclose the issue to alert customers.
Validate the vulnerability to confirm if it is legitimate.
Reward the researcher for identifying the vulnerability.
When receiving a report of a critical vulnerability such as unauthorized access through an insecure API endpoint, the primary action should be to immediately validate the vulnerability. This ensures the legitimacy of the report before any further steps, such as mitigation or contacting the researcher, are taken. Once validated, you can then prioritize fixing the issue based on its severity.