QuadX is the leading Experience Innovator in the Philippines. Launched in 2015, it specializes in cross-border digital logistics and e-commerce payment processing. QuadX is the company behind the following digital platforms:
- ShippingCart (cross-border shipping services of products from the US and UK to the Philippines and Malaysia),
- GoGo Xpress (all-in-one online payment and delivery tool for e-commerce businesses),
- PayLink (upcoming e-payment solutions)
As a business that is into building “futurepreneurs”, QuadX supports the Vulnerability Disclosure Program (VDP). VDP is a formalized method for receiving vulnerability reports from the outside world. It allows clear communication mechanism in place for researchers who are interested in reporting vulnerabilities for products and services.
In Oct 2019, QuadX launched its VDP on Secuna. Security researchers were encouraged to find security bugs on their website as they receive points to get invites to Private Programs. (Private programs are unpublished to the public and researchers can only see these programs when they receive specific invitations to probe on vulnerabilities while reports are kept confidential).
From its launch, a Secuna security researcher named ctulhu, reported an exposed sensitive credential. He was able to access the AWS S3 Bucket of Paylink, one of the digital platforms of QuadX. A critical security vulnerability, it allows malicious attackers to retrieve, upload, and remove files from the S3 bucket.
Minutes after submitting the report, the issue was immediately addressed. Thanks to the security researcher, the vulnerability was fixed a few hours later. In return, the Secuna researcher gained the points needed to Top the Leaderboards at the platform.
This year, QuadX is set to launch the Bug Bounty Program (BBP) in the Secuna platform. Hence, the celebration for secured application continues in the coming year. This time, monetary rewards will be paid to researchers as an incentive for any critical flaws found on their website.
Secuna is the first and only community-powered cybersecurity testing platform in the Philippines helping startups and SMEs by connecting them to vetted security researchers to find and fix security vulnerabilities before they can be exploited by cybercriminals.