Security Bug Bounty

Know a vulnerability? Report and get a reward!

We prepared an awesome rewards for every hacker, who report a vulnerability bug to us. The purpose of the this program is to quickly discover any vulnerabilities that exist in the RoyalSSL service, and provide our users the most secure service possible.


Bug Bounty Program Rules

Program Rules


  • Cross-Site Scripting (XSS)
  • Remote Code Execution (RCE)
  • Server-Side Request Forgery (SSRF)
  • SQL Injection
  • Encryption Break
  • Authentication Bypass
  • Sensitive Information leaks or disclosure
  • Payment manipulation

Web Application Firewall


  • Denial of service
  • Social engineering
  • Brute Force attacks
  • Cookie attributes not set/Secure flag issues
  • Missing SPF records

API & API key related bugs

How to report a bug?

  • Send the bug report to, join us on hackerone or use our online form.
  • The reports have to be submitted in English.
  • Include as much information in your report as you can, including a description of the bug, its potential impact, and steps for reproducing it or proof of concept.
  • We will contact you back as soon as possible. In the meanwhile we evaluate your report and get back to you with more information.

Report an issue


Vulnerability Description Reward
Cross-Site Scripting (XSS) Ability to hijack a session or execute scripts through an XSS attack € 25,00
Security misconfiguration Description € 50,00
SQL-Injection Ability to access private information through an SQL injection attack € 1,000

Wall of Fame

We would like to thank all our contributors through this wall of fame
No. Profile Vulnerability
1 John Cena Cross-Site Scripting (XSS) / Security misconfiguration
2 John Travolta Cross-Site Scripting (XSS) / Security misconfiguration
3 John Doe Cross-Site Scripting (XSS) / Security misconfiguration