About Us

Welcome to our website! We are a non-profit education company dedicated to providing free notes and study materials for undergraduate B.Tech students. Our mission is to address the challenges faced by students and help them succeed in their academic journey.

We understand the difficulties students encounter during their studies, and we strive to alleviate these challenges by offering comprehensive resources and support. Whether it's complex concepts, exam preparation, or career guidance, we are here to assist you every step of the way.

At our core, we believe in the power of education to transform lives and communities. That's why we're committed to making quality educational resources accessible to all, regardless of financial constraints. Together, let's empower students to reach their full potential and shape a brighter future.

Gradamic Security

Report Security Vulnerabilities:

If you have identified a security vulnerability or bug in our system, please report it to us immediately by sending an email to gradamic.info@gmail.com.

We take security seriously and will investigate all reported issues promptly. Our Safe Harbor policy ensures that researchers who report vulnerabilities in accordance with responsible disclosure principles will not be subject to legal action.

We acknowledge and appreciate the contributions of security researchers. With your permission, we will publicly acknowledge your name or alias in our acknowledgment section for helping us improve the security of our platform.


Overview:

While we are doing our best to keep Gradamic as safe as possible, we know that some bugs can slip through our scrutiny. If you believe you've found a security issue in the services listed in our scope, we will work with you to resolve it promptly and ensure you are fairly acknowledged for your discovery.

Scope:

The scope of this program is limited to security vulnerabilities found on:

*.gradamic.com

Access:

While testing, please use your own email, so it'll be easy for us to verify you later on.

Reward:

As we are a non-profit organization, we do not offer monetary payouts. However, we acknowledge and appreciate the contributions of security researchers. With your permission, we will publicly acknowledge your name or alias in our acknowledgment section for helping us improve the security of our platform.

Eligibility and Responsible Disclosure:

We are happy to work with everyone who submits valid reports which help us improve the security of Gradamic. However, only those that meet the following eligibility requirements may receive recognition:

  • You need to be the first person to report an unknown issue.
  • Any vulnerability found must be reported no later than 24 hours after discovery.
  • You are not allowed to disclose details about the vulnerability anywhere else.
  • You must avoid tests that could cause degradation or interruption of our service.
  • You must not leak, manipulate, or destroy any user data.
  • You are only allowed to test against accounts you own yourself.
  • The use of automated tools or scripted testing is not allowed.
  • You must not be a former or current Gradamic team member.

Qualifying Vulnerabilities:

Please note these are examples, and this list is non-exhaustive.

Vulnerabilities with a real security impact, such as:

  • Easy (zero to one click) user account takeover
  • Backend interface takeover
  • Server takeover (or potential takeover)

The following are strictly prohibited:

  • Network or simple Denial of Service attacks.
  • Physical attacks against offices and data centers.
  • Social engineering of our service desk, employees or contractors.
  • Compromise of a Gradamic user's or employee's account.
  • Automated tools or scans, botnet, compromised site, end-clients, or any other means of large automated exploitation or use of a tool that generates a significant volume of traffic.

Non-Qualifying Vulnerabilities:

Issues of this type can be accepted if they lead to a serious data leak.

  • Cross-Site Request Forgery (CSRF) on unauthenticated forms or forms with no sensitive actions
  • Account enumeration
  • Missing HTTP Headers
  • SSL/TLS best practices
  • Denial of Service and brute-forcing attacks
  • Physical attacks against offices and data centers
  • Social engineering of our service desk, employees or contractors
  • Compromise of a Gradamic user's or employee's account
  • Use of a tool that generates a significant volume of traffic
  • Any hypothetical flaw or best practices without exploitable POC
  • Session timeout
  • Rate limit issues
  • Session Hijacking (cookie reuse)
  • Click-jacking
  • DKIM/SPF/DMARC issues
  • Information leakage, data cached in search engines or the web archive
  • Software version disclosure
  • HttpOnly, SameSite, and Secure cookie flags
  • Confirmation email (anything related to it)

Safe Harbor:

Any activities conducted in a manner consistent with this policy will be considered authorized conduct, and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.

Thank you for helping keep Gradamic and our users safe!