As cybersecurity students, we appreciate open-source security reporting and research, however we forbid any penetration testing whatsoever to be performed on the 'live' version of the website hosted on https://cov-comsec.github.io. This is because it is hosted using third party servers, which may prosecute you for doing so, and we want as close to 100% uptime as possible.
With that being said, we are more than happy for anyone to inspect the code hosted in this repository and report any errors found (see below).
If you wish to test the live website, then there are two branches that you may need/wish to inspect
- Main - this contains all the documentation before being compiled by Hugo.
- gh-pages - this is what is actually hosted on the website.
With that being said please be respectful to any third party integrations that we include (such as Utterances Comments) and abide by their own security policies.
Please note, that we accept no responsibility for any actions you may take and that it is ultimately up to you to follow all relevant local laws.
Upon discovery of a flaw, please responsibly disclose by contact via telegram would be preferable.
After the flaw is fixed, you will be more than welcome to publish you findings, and we will credit you below.
Thanks,
ComSec