Security Policy

At shayananique.com, security is a top priority.
I take all reports of vulnerabilities seriously and work to resolve them quickly and responsibly.

If you believe you have discovered a security issue that affects this website, its infrastructure, or any associated systems, please follow the guidelines below.

🛡️ Responsible Disclosure Guidelines Link to heading

To protect users and the integrity of the platform:

  • DO NOT publicly disclose the vulnerability before it is fixed.
  • DO NOT perform destructive testing or actions that may affect service availability.
  • DO NOT access, modify, delete, or copy any data that does not belong to you.
  • DO NOT use automated scanners that could degrade performance.

Please act in good faith and follow coordinated disclosure practices.

📬 How to Report a Vulnerability Link to heading

You can report a security issue through the following channels:

Primary Contact Link to heading

Email: shayan@shayananique.com

Contact Form Link to heading

Submit securely via the contact page:
👉 https://shayananique.com/contact/

Preferred Languages Link to heading

  • English

Response Time Link to heading

You will receive:

  • An initial acknowledgment within 48–72 hours
  • A follow-up with mitigation details shortly after investigation
  • Notification when the issue is resolved

🔐 Optional: Submit Reports Encrypted Link to heading

If you prefer to send encrypted messages, you may use this PGP public key:

https://keys.openpgp.org/search?q=shayan%40shayananique.com

📝 What to Include in Your Report Link to heading

To help reproduce and resolve the issue efficiently, include:

  • Clear description of the vulnerability
  • Steps to reproduce (PoC)
  • Impact analysis (what can be exploited?)
  • Your name or alias (optional — for acknowledgment)
  • Contact information for follow-up

🧩 Scope of This Policy Link to heading

You may test:

  • Publicly accessible pages on shayananique.com
  • Non-destructive security research such as:
    • Input validation checks
    • Authentication/authorization flaws
    • Logic bugs
    • Misconfigurations
    • Header/security-control issues

❌ Out of Scope Link to heading

Do NOT test:

  • Physical security
  • Social engineering
  • Third-party tools or services not owned by Shayan
  • Denial of Service (DoS/DDoS)
  • Automated vulnerability scanners that cause load spikes

🏆 Security Hall of Fame Link to heading

Researchers who follow this policy and responsibly disclose verified vulnerabilities may be listed here:

👉 https://shayananique.com/security-hall-of-fame/

🤝 Commitment Link to heading

I am committed to maintaining a secure environment and appreciate contributions from the cybersecurity community.

Together, we can make the web safer.

Written by Shayan Anique Akhtar
IT Consultant & Cybersecurity Specialist