Youthika Connect

Security Program

Help us keep Youthika Connect safe. Report vulnerabilities or broken features and join our mission for a secure, transparent community.

Bridging Generations in Hyderabad

About Youthika Connect

Youthika Connect is a youth-led NGO that bridges generations by connecting teenage volunteers with senior citizens to foster meaningful relationships. The organization focuses on companionship, digital literacy, healthcare support, and intergenerational bonding—in Hyderabad, India.

🤝

Intergenerational Bonding

Building bridges between youth and seniors for mutual growth and understanding.

💻

Digital Literacy

Empowering seniors with digital skills for a connected world.

❤️

Companionship & Care

Providing support, healthcare guidance, and friendship to elders.

✉️ security@youthikaconnect.orgEmail Us

Participating Systems

The following Youthika Connect systems are in scope for this security program:

🌐

Main Site

Homepage

youthikaconnect.org

📰

Events (Ghost Blog)

Events, news, and updates

events.youthikaconnect.org

💸

Donations

Donate platform → coming soon

donate.youthikaconnect.org

📊

Coming soon

More coming soon!

...youthikaconnect.org

Databases in Scope

The following databases are used by our systems and are in scope for security testing:

🗄️

PostgreSQL

Used for external services

⚡

Redis

Used for external services

💾

MySQL

Used by Ghost Blog

PII Severity Definitions

We classify data sensitivity as follows:

🔒

Critical

• Donation information
• Financial information
• Transaction informations
• Exposed passwords
• Confidential documents

🔑

High Severity

• Private email addresses
• Phone numbers and other private information

🧑‍💻

Medium Severity

• IP addresses (collected only for checking bad bots and request spam via CDN image requests)
• Full names

📝

Low Severity

• Invalid redirect links
• Broken site content

A data leak occurs when unauthorized individuals gain access to the above data due to system vulnerabilities. Publicly shared information by users is not considered a vulnerability.

Vulnerability Impact Levels

🔥

Critical

Server compromise

Root access to our infrastructure

🚪

High

Authentication Bypass

OAuth flaws, session vulnerabilities

🔍

Medium

Information Disclosure

Exposed admin panels, configuration issues

🧊

Low

XSS & Others

Cross-Site Scripting, CSRF, etc.

Special Recognition

Include Fix with Report

Submit a proposed solution along with your vulnerability report

Out of Scope

Scraping public information or account enumeration
Brute force attacks
Clickjacking without significant impact

Social engineering or phishing attacks
Self-exploitation requiring user interaction
Denial of Service causing resource exhaustion

Notice for AI Generated Reports

While AI can be a helpful tool in security research, submissions that are entirely AI-generated with no original researcher input will not be accepted. We value genuine human analysis and understanding of vulnerabilities.

How to Report

📨

Submit a Report

Submit vulnerabilities or broken features via our secure reporting form.

Submit Report →

🏅

Recognition

Digital certificate of appreciation

Other recognition

While we can't offer monetary rewards, we deeply appreciate your contributions to keeping Youthika Connect secure.

How to Get Involved

📝

Report Issues

Found a bug or vulnerability? Submit a report and help us improve.

💬

Join the Community

Connect with us on social media and join our events to make a difference.

🚀

Volunteer

Become a Youthika Connect volunteer and help drive positive change.