- Read our security.txt file for structured security contact information.
- See our contact page for contact details.
For us, security and privacy take top priority
✅ No logging by default – ✅ Minimal data processing
✅ Single-purpose server – ✅ No databases
The InfoSec Handbook runs on a dedicated virtual server. This server does not run any other public services (e.g., no database server, no mail server, no messaging server).
✅ Security monitoring – ✅ Strong authentication – ✅ Defined processes
The InfoSec Handbook enforces current security practices. The core of our server is a hardened Linux installation. “Hardened” means we implemented the Principle of Least Functionality and Principle of Least Privilege. We monitor our server (e.g., login attempts, file changes). Two-factor authentication is mandatory to access the server. We install security patches within a narrow time frame and quickly respond to potential security incidents.
We love “responsible disclosure.” We won’t take legal action against you as a penetration tester if you observe the law, and we won’t publish your identity by default.
Please follow this process if you want to report potential security issues on the InfoSec Handbook:
- Observe the testing requirements: Act professionally! Don’t flood our web server with millions of requests. Don’t execute random attacks. Don’t manipulate or destroy any data.
- Remain in scope. Test https://infosec-handbook.eu only!
- Send your report, which includes a brief description of the potential security issue (What is affected?) and a step-by-step guide that allows us to reproduce it. If necessary, add screenshots or proof of concept code.
- We check your report and get in touch with you. Expect our initial feedback within 3–5 days. We then wait 14 days for your feedback.
- Depending on the evaluation and your wish, we may add your name to our Acknowledgments section.
We don’t participate in any bug bounty programs anymore due to unprofessional behavior of several people.
We thank the following researchers and testers:
| 2019-08-28 | Undisclosed | Unintended metadata in files |
We updated this page on September 4, 2021.