caon.io

Scope

A scope defines the limits of where your research should go. If you find a bug, it must reside inside the scope; otherwise, the finding is not valid.

Example of scope

| In-Scope | Out of scope |
| --- | --- |
| example.com | subdomain.example.com |
| *-dev.example.com | |

The scope above states that example.com and www.example.com are valid (www is a subdomain, example.com points to www by default).

Any subdomain matching *-dev.example.com is valid as well; the wildcard symbol (*) states that anything is valid. So test-dev.example.com and app-dev.example.com are valid, but app.example.com is not, because the subdomain does not have the -dev part.

Some programs offer a wildcard scope. In those cases, it is a good idea to keep an eye on the Out of scope domains. See the example:

| In-Scope | Out of scope |
| --- | --- |
| *.website.com | wow.website.com |
| | ie.website.com |

As written, website.com has a wildcard scope, meaning every subdomain is valid except for those in the Out of scope list, which are wow.website.com and ie.website.com.
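The two scope tables above can be turned into a check that runs before any target is tested. This is an added example, not code from the original page; the function names are hypothetical, and it assumes that `*` may span more than one label, that a plain entry also covers its `www.` alias (as the page reads example.com), and that an Out of scope entry always wins.

```python
import re
from urllib.parse import urlsplit

def normalize(target: str) -> str:
    """Reduce a URL or bare hostname to a lowercase host (no port, no trailing dot)."""
    target = target.strip().lower()
    if "://" not in target:
        target = "//" + target  # makes urlsplit parse it as a network location
    return (urlsplit(target).hostname or "").rstrip(".")

def compile_entry(entry: str) -> re.Pattern:
    """Compile one scope entry. Assumption: '*' is one or more hostname characters."""
    entry = entry.strip().lower()
    body = re.escape(entry).replace(r"\*", "[a-z0-9.-]+")
    if "*" not in entry:
        body = r"(?:www\.)?" + body  # the page treats example.com and www.example.com alike
    return re.compile(body)

def in_scope(target: str, allowed: list[str], excluded: list[str]) -> bool:
    """True only if the host matches an in-scope entry and no out-of-scope entry."""
    host = normalize(target)
    if not host:
        return False
    # Out-of-scope entries are checked first and always win over a wildcard.
    if any(compile_entry(e).fullmatch(host) for e in excluded):
        return False
    return any(compile_entry(e).fullmatch(host) for e in allowed)

# The two scope tables from this page.
SCOPE_A = (["example.com", "*-dev.example.com"], ["subdomain.example.com"])
SCOPE_B = (["*.website.com"], ["wow.website.com", "ie.website.com"])

if __name__ == "__main__":
    # Constructed sample targets, including a look-alike that must not match.
    for t in ["www.example.com", "app-dev.example.com", "app.example.com",
              "https://shop.website.com/cart", "WOW.website.com:8443",
              "website.com.attacker.test"]:
        scope = SCOPE_A if "example.com" in t else SCOPE_B
        print(f"{t:32} {'in scope' if in_scope(t, *scope) else 'OUT of scope'}")
```

Matching is anchored to the whole hostname, so a name that merely contains an in-scope domain is rejected. The bare website.com is not covered by `*.website.com` in this sketch; check the program's policy for how it treats the apex domain.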