
Tester Guide

1toldyou edited this page May 13, 2022 · 16 revisions

Thank you for participating in our beta testing program.

Steps:

  1. Use our product(s)
  2. Found a bug, issue, or vulnerability? Take screenshots when you reproduce it
  3. Create a GitHub issue in the master repository using the template
  4. If you did hack our server or someone else's account, please report exactly what you did so we can restore the affected/junked data
  5. If you didn't find anything, you should still provide some evidence that you worked on this

Here are some examples of vulnerabilities to look for:

  • Backend server's real IP address (but don't post it publicly)
  • Unsanitized user input
  • Remote code execution/file inclusion
  • Viewing other users' non-public information
  • Returning harmful data to the user (e.g. XSS, cookie stuffing)
  • Overloading the server with a few requests

But the scope does not include the following:

  • Not Implemented Features: If we have not yet announced a new feature, that means it is not finished and we are still working on it
  • Social Engineering: You should not look at our screen or password manager to steal the token!
  • Brute Force: You don't have a massive botnet or quantum computer to do this computation; well, actually the 1C2G server would already be unresponsive
  • Excessive Requests/Stress Test: Unfortunately, some services we use are consumption-based, so we don't want to run out of credits in the free tier. IN EXTREME CONDITIONS WE MAY BAN YOUR IP
  • Code Style: We are trying to make the code look not manually written, but we do not explicitly adhere to a style guide or linter
  • Demo Data: There are some accounts with publicized credentials for demonstration purposes
