Any design or implementation issue that affects the confidentiality or integrity of customer or SDK user data is likely to be in scope for the program.
Common examples include:
- Cross-Site Scripting
- Cross-Site Request Forgery - CSRF/XSRF
- Authentication or Authorization flaws
- Remote Code Execution - Servers
- Remote Code Execution - SDK
- Access to internal company web pages via an installed SDK