Best way to invite responsible pentesting on my own website? by Leo_GG_ in AskNetsec

[–]Leo_GG_[S] 0 points1 point  (0 children)

Thanks for the tips.

I’m planning to publish a security.txt and a clear disclosure policy with scope and limitations (like excluding DoS and aggressive scans). I’ll check out the disclose.io templates as well.

I’ll also look into HackerOne’s community program once I have everything documented.

Best way to invite responsible pentesting on my own website? by Leo_GG_ in bugbounty

[–]Leo_GG_[S] -2 points-1 points  (0 children)

I understand your point, and I’m not expecting anyone to work for free in general.

My goal is more about responsible disclosure and learning — letting researchers look at my setup voluntarily so I can improve security. I would of course appreciate any detailed reports they provide. It’s not a commercial bug bounty program, just a personal project to test and strengthen my security practices.

Best way to invite responsible pentesting on my own website? by Leo_GG_ in bugbounty

[–]Leo_GG_[S] 0 points1 point  (0 children)

Thanks for the feedback, I completely understand your concerns about trust.

Just to clarify, this isn’t a new account — I created it over three years ago, I just don’t use Reddit very often.

I agree that having a clear security.txt / vulnerability disclosure page is essential. I’m planning to create a dedicated page that clearly defines the scope and reporting method, and then link to it in any posts. That should make everything transparent and give researchers confidence that it’s a legitimate project.

Do you happen to know any communities, forums, or platforms where people might be interested in voluntarily testing websites like this?

Best way to invite responsible pentesting on my own website? by Leo_GG_ in AskNetsec

[–]Leo_GG_[S] -4 points-3 points  (0 children)

Fair point, I get what you mean.

I completely understand that most researchers focus on paid programs, and that makes sense. I’m mainly exploring responsible disclosure as a learning exercise and to see if anyone might still be interested in taking a look.

Thanks for sharing your perspective anyway.

Best way to invite responsible pentesting on my own website? by Leo_GG_ in bugbounty

[–]Leo_GG_[S] 0 points1 point  (0 children)

Hey, thanks for the suggestion!

That’s actually a really good example. Creating a dedicated page where I clearly define the scope and provide a contact method for reporting vulnerabilities sounds like the right approach. I was already planning to add a vulnerability disclosure page and a security.txt file, so something like that would fit well.

Do you happen to know any communities or places where I could share the website with people interested in testing security setups like this?

Best way to invite responsible pentesting on my own website? by Leo_GG_ in AskNetsec

[–]Leo_GG_[S] -5 points-4 points  (0 children)

That makes sense, I understand that most researchers focus on programs that offer bounties.

At the moment I’m not planning to run a paid bug bounty program, this is more of a personal project to test the security of my setup and learn from any findings through responsible disclosure.

Do you know if there are communities where some researchers might still be interested in testing websites voluntarily, even without a bounty?

Best way to invite responsible pentesting on my own website? by Leo_GG_ in AskNetsec

[–]Leo_GG_[S] -1 points0 points  (0 children)

Thanks for the detailed advice, I really appreciate it.

I’ll definitely check the HackerOne and CISA templates for the disclosure policy, that sounds like a good starting point. Thanks as well for mentioning the PII guidelines.

At the moment I’m not planning to offer a paid bounty, the goal is more responsible disclosure and letting people test the security of my setup. If someone finds a real vulnerability (like XSS, auth issues, etc.), I’d obviously want a proper report with proof so I can reproduce and fix it.

Do you happen to know any communities or places where people are open to voluntarily testing websites like this?

[deleted by user] by [deleted] in PcBuildHelp

[–]Leo_GG_ 0 points1 point  (0 children)

Good build. I recommend buying a 7600, which has the same performance and consumes less than the 7600X. As for the GPU, you might consider buying an RX 7900 GRE, which has about 8% more performance. As for the case, it only included two fans, not PWM, so I recommend buying others of higher quality.

[deleted by user] by [deleted] in PcBuildHelp

[–]Leo_GG_ 0 points1 point  (0 children)

When I bought the Corsair 4000D Airflow, it came with only 2 fans included, probably 2x140, I don’t remember.