Does your company need a Penetration Test? A PCI Qualified Security Assessor? Code Review? Instead of searching Google, emailing dozens of companies, hoping they return your email, filling out questionnaires then hoping you receive a few quotes, use InfoSecQuote to post a Request for Quote once and centrally communicate with your next security partner
InfoSecQuote RFQ questionnaires are designed in partnership with all member service providers and contain the questions they need to be able to provide an accurate quote for the services you are needing.
InfoSecQuote service providers are all interviewed with business driven questions providing details about each service provider that can be used along with a review and rating system to select the best security partner for your business.
Businesses can optionally create "Blind RFQs" which will mask their business name, address, URL and other identifying information from the service providers allowing for a more focused quoting of projects.
All InfoSecQuote accounts are free.RFQs
RFQ fees are based on the type of service for the request being made for.Referral Coupons
Refer a business or service provider and when they register with InfoSecQuote you both will receive a 10% coupon for your next purchase.Beta Program
For a limited time join during our beta period and receive 85% off all RFQ submissions.
We believe that you, as our online visitor, have the right to know our practices regarding any information we might collect when you visit our website.
We will ask you to provide personal information on our website shopping cart when you choose to buy a product or service. This information may include your name, mailing address, phone number, credit card number, all of which are necessary to the ordering of products/services on this site. We, and any parent, subsidiary and other affiliated companies may use this information to improve their marketing and promotional efforts as well as to improve the user experience on the website. We do not sell or rent your personal information to third parties for their marketing purposes without your express consent. However, your personal information may be disclosed in the normal scope of business of providing goods and services to customers, including but not limited to, advertisers, third party service providers and law enforcement authorities.
Protecting your information is our first concern. Our site makes every effort to protect the information transmitted to InfoSecQuote by using Secure Sockets Layer (SSL) technology. In addition to protecting your information through SSL, InfoSecQuote leverages best practices in security architecture and is fully PCI compliant across all InfoSecQuote systems
Last updated: March 17, 2016
Welcome to InfoSecQuote.com. InfoSecQuote Services LLC and/or its affiliates ("InfoSecQuote") provide website features to you subject to the following conditions. If you visit or shop at InfoSecQuote.com, you accept these conditions. Please read them carefully. In addition, when you use any current or future InfoSecQuote service or business (e.g., Your Profile, Gift Cards, Unbox, or Your Media Library) you also will be subject to the guidelines, terms and agreements ("Terms") applicable to such service or business. If these conditions are inconsistent with such Terms, the Terms will control.
Please review our Privacy Notice, which also governs your visit to InfoSecQuote.com, to understand our practices.
When you visit InfoSecQuote.com or send e-mails to us, you are communicating with us electronically. You consent to receive communications from us electronically. We will communicate with you by e-mail or by posting notices on this site. You agree that all agreements, notices, disclosures and other communications that we provide to you electronically satisfy any legal requirement that such communications be in writing.
All content included on this site, such as text, graphics, logos, button icons, images, audio clips, digital downloads, data compilations, and software, is the property of InfoSecQuote or its content suppliers and protected by United States and international copyright laws. The compilation of all content on this site is the exclusive property of InfoSecQuote and protected by U.S. and international copyright laws. All software used on this site is the property of InfoSecQuote or its software suppliers and protected by United States and international copyright laws.
In addition, InfoSecQuote.com graphics, logos, page headers, button icons, scripts, and service names are trademarks, or trade dress of InfoSecQuote in the U.S. and/or other countries. InfoSecQuote's trademarks and trade dress may not be used in connection with any product or service that is not InfoSecQuote's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits InfoSecQuote. All other trademarks not owned by InfoSecQuote that appear on this site are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by InfoSecQuote.
InfoSecQuote grants you a limited license to access and make personal use of this site and not to download (other than page caching) or modify it, or any portion of it, except with express written consent of InfoSecQuote. This license does not include any resale or commercial use of this site or its contents; any collection and use of any product listings, descriptions, or prices; any derivative use of this site or its contents; any downloading or copying of account information for the benefit of another merchant; or any use of data mining, robots, or similar data gathering and extraction tools. This site or any portion of this site may not be reproduced, duplicated, copied, sold, resold, visited, or otherwise exploited for any commercial purpose without express written consent of InfoSecQuote. You may not frame or utilize framing techniques to enclose any trademark, logo, or other proprietary information (including images, text, page layout, or form) of InfoSecQuote without express written consent. You may not use any meta tags or any other "hidden text" utilizing InfoSecQuote's name or trademarks without the express written consent of InfoSecQuote. Any unauthorized use terminates the permission or license granted by InfoSecQuote. You are granted a limited, revocable, and nonexclusive right to create a hyperlink to the home page of InfoSecQuote.com so long as the link does not portray InfoSecQuote, or its products or services in a false, misleading, derogatory, or otherwise offensive matter. You may not use any InfoSecQuote logo or other proprietary graphic or trademark as part of the link without express written permission.
If you use this site, you are responsible for maintaining the confidentiality of your account and password and for restricting access to your computer, and you agree to accept responsibility for all activities that occur under your account or password. InfoSecQuote does sell products for children, but it sells them to adults, who can purchase with a credit card or other permitted payment method. If you are under 18, you may use InfoSecQuote.com only with involvement of a parent or guardian. InfoSecQuote reserves the right to refuse service, terminate accounts, remove or edit content, or cancel orders in their sole discretion.
Visitors may post reviews, comments, photos, and other content; send e-cards and other communications; and submit suggestions, ideas, comments, questions, or other information, so long as the content is not illegal, obscene, threatening, defamatory, invasive of privacy, infringing of intellectual property rights, or otherwise injurious to third parties or objectionable and does not consist of or contain software viruses, political campaigning, commercial solicitation, chain letters, mass mailings, or any form of "spam." You may not use a false e-mail address, impersonate any person or entity, or otherwise mislead as to the origin of a card or other content. InfoSecQuote reserves the right (but not the obligation) to remove or edit such content, but does not regularly review posted content.
If you do post content or submit material, and unless we indicate otherwise, you grant InfoSecQuote a nonexclusive, royalty-free, perpetual, irrevocable, and fully sublicensable right to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, and display such content throughout the world in any media. You grant InfoSecQuote and sublicensees the right to use the name that you submit in connection with such content, if they choose. You represent and warrant that you own or otherwise control all of the rights to the content that you post; that the content is accurate; that use of the content you supply does not violate this policy and will not cause injury to any person or entity; and that you will indemnify InfoSecQuote for all claims resulting from content you supply. InfoSecQuote has the right but not the obligation to monitor and edit or remove any activity or content. InfoSecQuote takes no responsibility and assumes no liability for any content posted by you or any third party.
InfoSecQuote respects the intellectual property of others. If you believe that your work has been copied in a way that constitutes copyright infringement, please follow our Notice and Procedure for Making Claims of Copyright Infringement.
All items purchased from InfoSecQuote are made pursuant to a shipment contract. This means that the risk of loss and title for such items pass to you upon our delivery to the carrier.
All InfoSecQuote bid ticket purchases are non-refundable. If a bid has been placed on an item that does not sell, is de-listed, expired or removed; then the bid will be released back to the purchaser to be used on another InfoSecQuote item. If the item receives enough bids to close, then the bid is transferred to the bidder selected for the item and the original bidder loses all rights to the item that was bid on and awarded.
All fees associated with selling or listing on InfoSecQuote are non-refundable and due at the end of the month for which they were incurred.
InfoSecQuote does not take title to returned items until the item arrives at our fulfillment center. At our discretion, a refund may be issued without requiring a return. In this situation, InfoSecQuote does not take title to the refunded item. For more information about our returns and refunds, please see our Returns Center.
InfoSecQuote attempts to be as accurate as possible. However, InfoSecQuote does not warrant that product descriptions or other content of this site is accurate, complete, reliable, current, or error-free. If a product offered by InfoSecQuote itself is not as described, your sole remedy is to return it in unused condition.
Except where noted otherwise, the List Price displayed for products on our website represents the full retail price listed on the product itself, suggested by the manufacturer or supplier, or estimated in accordance with standard industry practice; or the estimated retail value for a comparably featured item offered elsewhere. The List Price is a comparative price estimate and may or may not represent the prevailing price in every area on any particular day. For certain items that are offered as a set, the List Price may represent "open-stock" prices, which means the aggregate of the manufacturer's estimated or suggested retail price for each of the items included in the set. Where an item is offered for sale by one of our merchants, the List Price may be provided by the merchant.
With respect to items sold by InfoSecQuote, we cannot confirm the price of an item until you order; however, we do NOT charge your credit card until after your order has entered the shipping process. Despite our best efforts, a small number of the items in our catalog may be mispriced. If an item's correct price is higher than our stated price, we will, at our discretion, either contact you for instructions before shipping or cancel your order and notify you of such cancellation.
Please note that this policy applies only to products sold and shipped by InfoSecQuote. Your purchases from third-party sellers are charged at the time you place your order, and third-party sellers may follow different policies in the event of a mispriced item.
Parties other than InfoSecQuote operate stores, provide services, or sell product lines on this site. For example, Shutterfly offers Photo Services in our Camera and Photo store, and other businesses and individuals offer products in Auctions. In addition, we provide links to the sites of affiliated companies and certain other businesses. We are not responsible for examining or evaluating, and we do not warrant the offerings of, any of these businesses or individuals or the content of their Web sites. InfoSecQuote does not assume any responsibility or liability for the actions, product, and content of all these and any other third parties. You should carefully review their privacy statements and other conditions of use.
THIS SITE AND ALL INFORMATION, CONTENT, MATERIALS, PRODUCTS (INCLUDING SOFTWARE) AND SERVICES INCLUDED ON OR OTHERWISE MADE AVAILABLE TO YOU THROUGH THIS SITE ARE PROVIDED BY InfoSecQuote ON AN "AS IS" AND "AS AVAILABLE" BASIS, UNLESS OTHERWISE SPECIFIED IN WRITING. InfoSecQuote MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, AS TO THE OPERATION OF THIS SITE OR THE INFORMATION, CONTENT, MATERIALS, PRODUCTS (INCLUDING SOFTWARE) OR SERVICES INCLUDED ON OR OTHERWISE MADE AVAILABLE TO YOU THROUGH THIS SITE, UNLESS OTHERWISE SPECIFIED IN WRITING. YOU EXPRESSLY AGREE THAT YOUR USE OF THIS SITE IS AT YOUR SOLE RISK. TO THE FULL EXTENT PERMISSIBLE BY APPLICABLE LAW, InfoSecQuote DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. InfoSecQuote DOES NOT WARRANT THAT THIS SITE; INFORMATION, CONTENT, MATERIALS, PRODUCTS (INCLUDING SOFTWARE) OR SERVICES INCLUDED ON OR OTHERWISE MADE AVAILABLE TO YOU THROUGH THIS SITE; THEIR SERVERS; OR ELECTRONIC COMMUNICATIONS SENT FROM InfoSecQuote ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. InfoSecQuote WILL NOT BE LIABLE FOR ANY DAMAGES OF ANY KIND ARISING FROM THE USE OF THIS SITE OR FROM ANY INFORMATION, CONTENT, MATERIALS, PRODUCTS (INCLUDING SOFTWARE) OR SERVICES INCLUDED ON OR OTHERWISE MADE AVAILABLE TO YOU THROUGH THIS SITE, INCLUDING, BUT NOT LIMITED TO DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, AND CONSEQUENTIAL DAMAGES, UNLESS OTHERWISE SPECIFIED IN WRITING. CERTAIN STATE LAWS DO NOT ALLOW LIMITATIONS ON IMPLIED WARRANTIES OR THE EXCLUSION OR LIMITATION OF CERTAIN DAMAGES. IF THESE LAWS APPLY TO YOU, SOME OR ALL OF THE ABOVE DISCLAIMERS, EXCLUSIONS, OR LIMITATIONS MAY NOT APPLY TO YOU, AND YOU MIGHT HAVE ADDITIONAL RIGHTS.
Any dispute or claim relating in any way to your visit to InfoSecQuote.com or to products or services sold or distributed by InfoSecQuote or through InfoSecQuote.com will be resolved by binding arbitration, rather than in court, except that you may assert claims in small claims court if your claims qualify. The Federal Arbitration Act and federal arbitration law apply to this agreement.
There is no judge or jury in arbitration, and court review of an arbitration award is limited. However, an arbitrator can award on an individual basis the same damages and relief as a court (including injunctive and declaratory relief or statutory damages), and must follow the terms of these Conditions of Use as a court would.
To begin an arbitration proceeding, you must send a letter requesting arbitration and describing your claim to our registered agent Corporation Service Company. The arbitration will be conducted by the American Arbitration Association (AAA) under its rules, including the AAA's Supplementary Procedures for Consumer-Related Disputes. The AAA's rules are available at www.adr.org or by calling 1-800-778-7879. Payment of all filing, administration and arbitrator fees will be governed by the AAA's rules. We will reimburse those fees for claims totaling less than $10,000 unless the arbitrator determines the claims are frivolous. Likewise, InfoSecQuote will not to seek attorneys' fees and costs in arbitration unless the arbitrator determines the claims are frivolous. You may choose to have the arbitration conducted by telephone, based on written submissions, or in person in the county where you live or at another mutually agreed location.
We each agree that any dispute resolution proceedings will be conducted only on an individual basis and not in a class, consolidated or representative action. If for any reason a claim proceeds in court rather than in arbitration we each waive any right to a jury trial. We also both agree that you or we may bring suit in court to enjoin infringement or other misuse of intellectual property rights.
By visiting InfoSecQuote.com, you agree that the Federal Arbitration Act, applicable federal law, and the laws of the state of Washington, without regard to principles of conflict of laws, will govern these Conditions of Use and any dispute of any sort that might arise between you and InfoSecQuote.
Please review our other policies, such as our pricing policy, posted on this site. These policies also govern your visit to InfoSecQuote.com. We reserve the right to make changes to our site, policies, and these Conditions of Use at any time. If any of these conditions shall be deemed invalid, void, or for any reason unenforceable, that condition shall be deemed severable and shall not affect the validity and enforceability of any remaining condition.
Notice and Procedure for Making Claims of Copyright Infringement
If you believe that your work has been copied in a way that constitutes copyright infringement, please provide InfoSecQuote.com's copyright agent the written information specified below. Please note that this procedure is exclusively for notifying InfoSecQuote that your copyrighted material has been infringed.
An electronic or physical signature of the person authorized to act on behalf of the owner of the copyright interest;
A description of the copyrighted work that you claim has been infringed upon;
A description of where the material that you claim is infringing is located on the site, including the sale ID number, if applicable;
Your address, telephone number, and e-mail address;
A statement by you that you have a good-faith belief that the disputed use is not authorized by the copyright owner, its agent, or the law;
A statement by you, made under penalty of perjury, that the above information in your notice is accurate and that you are the copyright owner or authorized to act on the copyright owner's behalf.
Since our inception, our security team launched a Vulnerability Reward Program. We have long enjoyed close cooperation with the security research community - and encouraged by the success of Google and other site Vulnerability Reward Programs, we decided to take this step to invite cutting-edge external research that would help us keep our users safe.
Services in scope
Any InfoSecQuote web service that handles reasonably sensitive user data is intended to be in scope. This includes virtually all the content in the following domains:
We make an important exception for acquired companies: for the first 6 months after the acquisition, the vulnerabilities in acquired platforms will usually not qualify for a reward. We will revisit this exclusion if a decision is made to align our operations and security programs more closely.
It is difficult to provide a definitive list of bugs that will qualify for a reward: any bug that substantially affects the confidentiality or integrity of user data is likely to be in scope for the program. Common examples include:
Cross-site request forgery
Cross-site script inclusion
Flaws in authentication and authorization mechanisms
Server-side code execution or command injection bugs.
The following reports are definitely excluded:
Attacks against InfoSecQuote corporate infrastructure
Social engineering and attacks on physical facilities
Brute-force denial of service bugs
Vulnerabilities in non-web applications
Vulnerabilities in InfoSecQuote-branded services operated by third parties.
Out of concern for the availability of our services to all users, we ask you to refrain from using any tools that are likely to automatically generate significant volumes of traffic.
We are in startup mode so sorry we do not have a cash based reward, but we are very very happy to give you props anywhere and everywhere we can! We will be making cash bounties available once we reach a larger user base.
In each case, the ultimate decision is made by the reward panel and is at our discretion. In particular, we may decide to pay higher rewards for unusually clever or severe vulnerabilities; decide that a single report actually constitutes multiple bugs; or that multiple reports are so closely related that they only warrant a single reward.
We understand that some of you are not interested in money. We also offer the option to donate your reward to charity. If you do, we will match it - subject to our discretion. Any rewards that are unclaimed after 12 months will be donated to a charity of our choosing.
Regardless of whether you're rewarded monetarily or not, all vulnerability reporters who interact with us in a productive manner will be credited on the Hall of Fame. If we file a security bug internally, we will acknowledge your contribution on that page.
Investigating and reporting bugs
When investigating a vulnerability, please, only ever target your own accounts. Never attempt to access anyone else's data and do not engage in any activity that would be disruptive or damaging to your fellow users or to InfoSecQuote.
If you have found a vulnerability, please contact us at firstname.lastname@example.org. Please be succinct: the mailbox is attended by security engineers and a short proof-of-concept link is more valuable than a video explaining the consequences of an XSS bug. If necessary, you can use this PGP key.
Note that we are only able to answer to technical vulnerability reports. Non-security bugs and queries about problems with your account should be instead directed to InfoSecQuote Help Centers.
Frequently asked questions
Q: Who determines whether my report is eligible for a reward?
A: The reward panel consists of the members of the InfoSecQuote Security Team.
Q: What happens if I disclose the bug publicly before you had a chance to fix it?
A: Please read Google's stance on coordinated disclosure. In essence, our pledge to you is to respond promptly and fix bugs in a sensible timeframe - and in exchange, we ask for a reasonable advance notice. Reports that go against this principle will usually not qualify, but we will evaluate them on a case-by-case basis.
Q: I wish to report an issue through a vulnerability broker. Will my report still qualify for a reward?
A: We believe that it is against the spirit of the program to privately disclose the flaw to third parties for purposes other than actually fixing the bug. Consequently, such reports will typically not qualify.
Q: What if somebody else also found the same bug?
A: First in, best dressed. You will qualify for a reward only if you were the first person to alert us to a previously unknown flaw.
Q: My employer / boyfriend / dog frowns upon my security research. Can I report a problem privately?
A: Sure. If you are selected as a recipient of a reward, and if you accept, we will need your contact details to process the payment. You can still request not to be listed on our public credits page.
Q: Are there any commonly reported vulnerabilities that are not clear-cut that the panel has historically erred on the side of not issuing rewards?
A: Yes. In the spirit of transparency and to help focus external efforts, here is an overview of reports we most commonly reject:
Vulnerabilities in InfoSecQuote-branded services maintained by third parties: There is a small number of (typically minor) InfoSecQuote-branded sites operated by external companies. For obvious reasons, we cannot authorize you to test such servers on behalf of these companies - and therefore, we regrettably canâ€™t consider any eventual reports as in scope for our reward program.
Before getting started with any security testing, we ask you to confirm that the service is actually operated by InfoSecQuote: examining WHOIS and DNS records, and reading the fine print on the target page itself, should offer sufficient insight.
URL redirection: Some members of the security community argue that open redirectors are a security issue. The common argument in favor of this view is that some users, when presented with a carefully crafted link, may be duped into thinking that they will be taken to a trusted page - but will be not be attentive enough to examine the contents of the address bar after the redirection takes place.
On the other hand, we recognize that the address bar is the only reliable security indicator in modern browsers; and consequently, we think that any user who could be misled by a URL redirector can also be tricked in other ways, without relying on any particular trusted website to act as a relying party.
The reward panel will likely deem URL redirection reports as non-qualifying: while we prefer to keep their numbers in check, we hold that the usability and security benefits of a small number of well-implemented and carefully monitored URL redirectors tend to outweigh the true risks.
Legitimate content proxying and framing: The panel applies similar reasoning to most cases of content proxying and framing.
In general, we expect our services to label third-party content unambiguously and to perform a number of malware and abuse detection checks. However, we recognize that well-implemented content proxying brings innovative and unique functionality to many of our user-oriented services, and similarly to URL redirection, we believe that usability benefits substantially outweigh the risks.
When it comes to framed third-party content, we recognize that framebusting is an interesting â€“ and still unsolved â€“ vector for petty mischief. That said, as with many other architectural improvements attempted today, it will be a while before this problem is fully eradicated.
Logout cross-site request forgery: At this time, the ability of malicious web sites to log users out of unrelated web applications is essentially unavoidable; it is a consequence of how the web is designed and cannot be reliably prevented by any single website. You might be interested in the following personal blog posts published a while ago on this topic by two Google employees:
http://scarybeastsecurity.blogspot.com/2010/01/logout-xsrf-significant-web-app-bug.html - Logout XSRF significant web app bug? (Chris Evans)
https://lcamtuf.blogspot.com/2010/10/http-cookies-or-how-not-to-design.html - HTTP cookies, or how not to design protocols (Michal Zalewski)
Consequently, in most cases, the panel will not consider reports of the ability to log out users from InfoSecQuote as qualifying for the reward. Difficult, long-term browser-level improvements are required to truly eliminate this possibility.
Flaws present only when using out-of-date browsers and plugins: The security model of the web is being constantly fine-tuned and improved by the vendors and by the security community. The panel will typically not reward reports of vulnerabilities that affect only the users of outdated or unpatched browsers. In particular we have decided to exclude all Internet Explorer versions prior to version 8.
We are unable to issue rewards to individuals who are on sanctions lists, or who are in countries (e.g. Cuba, Iran, North Korea, Sudan and Syria) on sanctions lists. You are responsible for any tax implications depending on your country of residency and citizenship. There may be additional restrictions on your ability to enter depending upon your local law.
This is not a competition, but rather an experimental and discretionary rewards program. You should understand that we can cancel the program at any time and the decision as to whether or not to pay a reward has to be entirely at our discretion.
Of course, your testing must not violate any law, or disrupt or compromise any data that is not your own.
We value the participation of each member of the community and want everyone to have an enjoyable and fulfilling experience. Accordingly, all members are expected to show respect and courtesy to other members.
To make clear what is expected, all members are required to conform to the following Code of Conduct.
The InfoSecQuote community is dedicated to providing a harassment-free experience for everyone, regardless of gender, sexual orientation, disability, physical appearance, body size, race, or religion. We do not tolerate harassment of participants in any form.
All communication should be appropriate for a professional audience including people of many different backgrounds. Sexual language and imagery is not appropriate.
Be kind to others. Do not insult or put down other members. Behave professionally. Remember that harassment and sexist, racist, or exclusionary jokes are not appropriate for the InfoSecQuote community.
Members violating these rules may be asked to leave the group at the sole discretion of the organizers.
Thank you for helping make this a welcoming, friendly group for all.