Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft Adds On-premises Exchange, SharePoint to Bug Bounty Program

Microsoft Adds On-premises Exchange, SharePoint to Bug Bounty Program

Microsoft has announced that Exchange, SharePoint, and Skype for Business on-premises are now part of the Applications and On-Premises Servers Bounty Program starting today.

With the expansion of this bug bounty program, security researchers who find and report vulnerabilities affecting on-premises servers are eligible for awards ranging from $500 up to $26,000.

“The Microsoft Applications and On-Premises Servers Bounty Program invites researchers across the globe to identify vulnerabilities in specific Microsoft applications and on-premise servers and share them with our team,” the company says.

“Higher awards are possible, at Microsoft’s sole discretion, based on the severity and impact of the vulnerability and the quality of the submission.”

Also Read: Data Protection Act of Singapore: Validity in the Post-pandemic World

The Microsoft Security Response Center (MSRC) team also said that security researchers could be awarded higher rewards based on severity multipliers stemming from reported vulnerabilities’ impact.

“The bounty also includes high-impact scenarios offering the highest awards to research in areas with the highest potential impact on customer security,” the MSRC team added.

“The goal of the bounty program is to uncover significant technical vulnerabilities that have a direct and demonstrable impact on the security of our customers using the latest version of the application,” Microsoft further explained.

Also Read: National Cybersecurity Awareness Campaign of Singapore: Better Cyber Safe than Sorry

Security Impact Severity Multiplier 
EXCHANGE ONLY: Server-Side Request Forgery allows an attacker to make server-side HTTP requests to arbitrary URLs. 20% 
SHAREPOINT ONLY: Authenticated Server-Side Request Forgery allows an attacker to make authenticated server-side HTTP requests to arbitrary URL 20% 
Insecure deserialization of user-controllable data, leading to remote code execution on server 30% 
Arbitrary file write of user-controlled data on user-controlled location on the server.   20% 
Authentication bypass allows for unauthenticated exploitation which results in mass exploitation of vulnerabilities 20% 
Vulnerabilities within Exchange Emergency Mitigation Service (EEMS) 15% 

More information about award amounts, in-scope apps and on-premise servers is available on the Applications and On-Premises Servers Bounty Program page.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us