Security Acknowledgments

Hall of Fame

We gratefully acknowledge the following security researchers who have helped improve ShakerScan's security through responsible disclosure of vulnerabilities. Their contributions make our platform safer for everyone.

Contributors

No public acknowledgments have been published yet. Report vulnerabilities to security@shakerscan.com.

Recognition Program

We value the security research community's efforts in helping us maintain a secure platform. Researchers who report valid security vulnerabilities may receive:

  • Public acknowledgment on this page (with consent)
  • Priority support for security research activities
  • Letter of appreciation for significant findings

Vulnerability Categories

Critical

  • Remote Code Execution (RCE)
  • SQL Injection
  • Authentication Bypass
  • Privilege Escalation
  • Data Breach Vulnerabilities

High

  • Cross-Site Scripting (XSS)
  • CSRF on sensitive actions
  • Information Disclosure
  • Business Logic Flaws
  • Account Takeover

Medium

  • Clickjacking
  • Session Fixation
  • Rate Limiting Bypass
  • Sensitive Data in URLs
  • CORS Misconfiguration

Low

  • Missing Security Headers
  • Version Disclosure
  • Directory Listing
  • Weak Password Policy
  • SSL/TLS Issues

How to Qualify

To be eligible for acknowledgment:

  1. Report the vulnerability to security@shakerscan.com
  2. Provide clear reproduction steps and proof of concept
  3. Allow reasonable time for us to fix the issue
  4. Coordinate public disclosure after the issue is resolved
  5. Follow our Security Policy guidelines
  6. Be the first to report the specific vulnerability

Special Recognition

Notable Contributions

We may highlight reports that materially improve customer security, evidence integrity, GitHub/CI gate enforcement, authorization controls, or service reliability.

Tools and Techniques Used

ShakerScan itself uses various security assessment tools. We acknowledge the creators and maintainers of these open-source projects:

Tool names are provided for recognition context only. They do not authorize high-volume scanning, destructive testing, exploitation, denial-of-service testing, customer-data access, worker-infrastructure testing, or testing outside the Security Policy and Vulnerability Disclosure Policy scope.

OWASP ZAP
Nuclei
httpx
subfinder
nmap
testssl.sh
sqlmap
dalfox
katana
ffuf
amass
gobuster
masscan
nikto
burpsuite

Reporting Timeline

Initial Response: Triage queue
Vulnerability Confirmation: Based on severity
Remediation Priority: Risk based
Acknowledgment Added: After validation and consent

Contact

For security vulnerability reports and inquiries about our recognition program:

Email: security@shakerscan.com

PGP Key: Available upon request

Policy: View Security Policy

Last Updated: May 26, 2026

Thank you to all security researchers who help keep Shaker and its users secure.