Hackazon Security Policy

Hi!

We are Deloitte Netherlands and we offer you the Hackazon services. This webpage describes the security policy of the Hackazon environment.

The Hackazon platform enables both students and professionals to refresh and improve their (technical) cyber skills through hands-on exercises and courses in its online lab environment.

The platform gives its users access to intentionally vulnerable systems and applications, in which you are allowed to find vulnerabilities. These vulnerable applications and services exist for educational purposes.

Rules of engagement

• Do not attack the Hackazon portal / scoreboard infrastructure.
• Do not use tooling that may cause Denial of Service.
• Not adhering to the rules may cause your IP address to be blocked and/or exclusion from the competition.

Refer to the "Identified security issues" section in case a vulnerability is identified on https://portal.hackazon.org or its supporting infrastructure.

Identified security issues

The Deloitte Hackazon team considers the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present.

If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. We would like to ask you to help us better protect our clients and our systems.

Please do the following:

• E-mail your findings to [email protected].
• Do not take advantage of the vulnerability or problem you have discovered, for example by downloading more data than necessary to demonstrate the vulnerability or deleting or modifying other people's data,
• Do not reveal the problem to others until it has been resolved,
• Do not use attacks on physical security, social engineering, distributed denial of service, spam or applications of third parties, and
• Do provide sufficient information to reproduce the problem, so we will be able to resolve it as quickly as possible. Usually, the IP address or the URL of the affected system and a description of the vulnerability will be sufficient, but complex vulnerabilities may require further explanation.

---

© 2021. See Disclaimer & copyright for more information.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. Please see About Deloitte for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.

In The Netherlands the services are provided by independent subsidiaries or affiliates of Deloitte Holding B.V., an entity which is registered with the trade register in The Netherlands under number 40346342