Security at Beget

Key Value: the security of our users' services and the infrastructure that supports them.
Stability and Reliability are the foundation of a successful business, which is why we pay maximum attention to ensuring the security of our products.
Along with other measures, we accept reports on the security of our infrastructure from external researchers and reward them for helping to find vulnerabilities.

Our principles of protection and security

Ensuring product security

We have developed and implemented features for our products that meet modern security requirements: each of our products has its own set of security principles that protect against attacks and data leaks, allowing users to focus on developing their projects.
Ensuring physical security

All equipment is housed in data centers with certifications that confirm high access standards, such as PCI DSS, ISO, etc. The data centers comply with Tier III standards.
Implementing best security practices

We were among the first providers to launch our own vulnerability detection program, which has paid out over 8 million rubles in its 7 years of existence.
Obtaining certifications and passing accreditation

Beget is listed in the register of accredited IT companies in Russia, and our control panel is included in the register of domestic software. We regularly update our certification, confirming the reliability of personal data processing, and adhere to SLAs, guaranteeing network connection availability at 99.9%.
BI.ZONE Bug Bounty
The platform connects organizations and independent researchers, allowing a wide range of specialists to identify information security vulnerabilities. With BI.ZONE Bug Bounty, you can test systems and receive rewards for finding network vulnerabilities and other bugs. The platform was launched by "SberFactoring" in 2024.

Security and protection of our products

If you have any questions or suggestions regarding our Bug Bounty, please contact us at: bugbounty@beget.com

Rules for Participation in the Beget Bug Bounty Vulnerability Program

First and foremost, we are interested in finding vulnerabilities in servers, while discovering other types of errors is also welcome. Please read the Bug Bounty rules.
Here are some examples of vulnerabilities for which we are willing to pay a reward:
Remote Code Execution (RCE)
injections (e.g. SQL or XML injections)
LFR/LFI/RFI
SSRF
business logic and access control vulnerabilities
XSS and CSRF with impact on sensitive data
system privilege escalation to root level
gaining access to system databases and user data
cloud data protection issues - impact on other people's virtual machines, any way to modify other users' data
etc.
When evaluating, we consider two key criteria:
1. The criticality of the affected system
2. The severity of the discovered vulnerability
Each submitted vulnerability report is considered individually.
The size of the reward is determined according to these parameters:
Critical: up to 4 000 €
Examples: Gaining root privileges on a virtual server, remote code execution, accessing system databases
High: up to 750 €
Examples: Issues related to personal data protection (gaining access to user or payment information), bypassing business logic for service orders or partner programs, issues related to fund allocation
Medium: up to 250 €
Examples: Unauthorized access to client HTTP requests, infinite domain rights transfer, errors that may cause system disruptions but do not pose a threat to user data
Low: up to 25 €
Examples: Anything that does not pose a serious threat to the system or user data
Register of domestic software
Our control panel is included in the register of domestic software.
Card Security
Our equipment is hosted in data centers certified by PCI DSS, ISO.