Privacy and open standards
Maybe you’ve wondered why this site hasn’t presented you with a warning about cookies. This is because we don’t need to use any. The site does not track visitors.
This website complies with the HTML standard, version 5, using Cascading Style Sheets (CSS, version 3). It was not developed with any particular browser in mind.
Reporting a security issue (responsible disclosure)
If you have found a security vulnerability in this website or another HackDefense system or product, we’d love to hear from you. Even though we always continue to strive for it, 100% security doesn’t exist, and we always like to learn.
If you’re acting in good faith and allow us a reasonable amount of time to resolve an issue before telling others about it, you can rest assured that we’ll not take any legal action against you about your discovery and report.
We do not offer monetary rewards, but T‑shirts are negotiable. :) We will, of course, be happy to publicly credit you with your discovery.
Hall of Fame
- We would like to thank Abhijeet Sarkar for pointing out to us on 25-Jul-2019 that this site’s redirect from HTTP to HTTPS was too generic and could be made to redirect to external sites (although not from a browser). Fixed!
- We would like to thank Prial Islam for finding, on 20-Aug-2019, an old summary of web server access logs for qcsec.com in a publicly accessible location, and letting us know. Removed!
- We would like to thank Sander Bos for reporting to us on 19-May-2023 that the PGP key information listed under the company contact information on our website was outdated, listing a key which had expired over 3 years ago, and that this key did not contain uid records for all our public e‑mail addresses. We have created a new PGP key, and updated the contact information on our website accordingly.
- We would also like to thank Sander Bos for reporting to us on 09-Jun-2023 the leaking of host name and IP address information of two HackDefense internal servers. First, the name of an internal host had leaked through an article on the HackDefense website. As this host was no longer in use, it should also already have been removed from DNS when it ceased to exist. Second, the IP address of an internal pentest host leaked through a (non-private, publicly available) report of a HackDefense performed security test. In addition, reverse DNS records for IP addresses belonging to this second, also decommissioned, server still pointed to the old DNS names under hackdefense.com. When handling these leaks we have performed a general review of our DNS and reverse DNS entries, and removed all unused names and pointers.