Security Policy

Reporting Security Vulnerabilities

I take the security of my website and services seriously. If you discover a security vulnerability, I appreciate your help in disclosing it to me in a responsible manner.

How to Report

• Email: ahnafnafee@gmail.com
• LinkedIn: linkedin.com/in/ahnafnafee

What to Include

Please include the following information in your report:

• Description of the vulnerability
• Steps to reproduce the issue
• Potential impact of the vulnerability
• Any suggested fixes or mitigations
• Your contact information for follow-up

Response Timeline

• Initial Response: Within 48 hours of receiving your report
• Assessment: Within 7 days, I will assess the vulnerability and provide an initial response
• Resolution: Critical vulnerabilities will be addressed within 30 days
• Disclosure: After the vulnerability is fixed, we can discuss public disclosure

Scope

This security policy applies to:

• The main website: ahnafnafee.dev
• All subdomains of ahnafnafee.dev
• Associated services and APIs

Out of Scope

The following are considered out of scope:

• Social engineering attacks
• Physical attacks
• Denial of Service (DoS) attacks
• Issues in third-party services not directly controlled by me
• Vulnerabilities requiring physical access to devices

Recognition

I believe in recognizing security researchers who help improve the security of my services. With your permission, I may acknowledge your contribution in:

• A security acknowledgments page
• Social media recognition
• Professional recommendations on LinkedIn

Legal

I will not pursue legal action against security researchers who:

• Follow responsible disclosure practices
• Do not access or modify user data
• Do not disrupt services
• Report vulnerabilities in good faith

Contact Information