Call us on +1 888-DESKPRO (337-5776)
+1 888-DESKPRO (337-5776) +44 (0)20 3582 1980 +33 9 87 67 94 31 +46 10 138 86 61 +27 87 550 4908 +55 21 2042-0990 +81 3-4577-1907 +34 518 90 06 55 +353 768887738 +852 5803 7211
English Translate
Arabic Chinese (Simplified) Chinese (Traditional) Czech Danish Dutch Esperanto Finnish French German Greek Hebrew Hindi Hungarian Indonesian Italian Japanese Korean Persian Polish Portuguese Punjabi Romanian Russian Slovak Slovenian Spanish Swahili Swedish Thai Turkish Ukrainian Vietnamese Welsh
Product
One helpdesk, one price, all the latest features
Channels
Email

Every conversation is owned, transparent and resolvable.

Chat

Connect with customers and resolve issues in real time.

Voice Beta

21st century customer experience to phone support.

Social Soon

Support they need, on a platform they trust.

Components
Analyze

Actionable reporting and analytics.

Extend

Integration with 750+ other software applications.

Scale

Customer support in different languages and time-zones.

Team

Teams collaborate using instant messaging and notes.

CRM

Manage your entire userbase from within the helpdesk.

Automate

Increase the effectiveness of your support teams.

Mobile

All the features on your iOS or Android mobile device.

Help Center

24/7 help with a self-service portal and knowledgebase.

All features

See all of Deskpro`s features and customizable components.

Pricing
Customers
Solutions
By industry
Enterprise

Enterprise Provide efficient support at scale for both staff and customers.

Retail

Retail Connect and support customers at speed, across any channel.

IT Teams

IT Teams Customize a powerful helpdesk to streamline IT support and ITIL.

SMBs

SMBs Differentiate your business with incredible customer support software.

HR teams

HR teams Enable HR to create happier staff.

Education

Education Provide outstanding support for both staff and students.

Gaming

Gaming Nurture and engage with your player community.

Non Profit

Non Profit Streamline operations with affordable helpdesk software.

By role
Agent

Agent Improve agent engagement and daily productivity.

User

User Provide a frictionless support experience across all channels.

Manager

Manager Understand your team performance at-a-glance.

Admin

Admin Configure a powerful helpdesk that works for your organization.

Developer

Developer Easy to customize dynamic customer support software.

Resources
About Us News Case Studies Apps & Integrations Partners Security API & Developers Training Product Consultancy Careers Book A Demo
Support
FREE TRIAL
BUY NOW
TRY NOW
BUY NOW

Responsible Disclosure

If you are a security expert or researcher, and you believe that you have discovered a security related issue with Deskpro’s online systems, we appreciate your help in disclosing the issue to us responsibly. We ask the security research community to give us an opportunity to correct a vulnerability before publicly disclosing it.


Reporting

Please send submissions to security@deskpro.com (click here for our PGP key).

Please review our standard terms before you begin.

View our Standard Terms


Bug Bounty Program


If you are a security expert or researcher, and you believe that you have discovered a security related issue with Deskpro’s online systems, we appreciate your help in disclosing the issue to us responsibly. We ask the security research community to give us an opportunity to correct a vulnerability before publicly disclosing it.

Deskpro awards bounties based on severity and impact based on our own discretion. Here are typical reward values:

  • Critical: Awards up to $3,000. Examples: Remote Code Execution, SQL Injection
  • High: Awards up to $1,000. Examples: Significant Broken Authentication or Session Management, High-impact XSS (Stored), CSRF and Privilege Escalation on critical functionality.
  • Medium: Awards up to $500. Examples: Access Control Bypass, Privilege Escalation, Low-impact XSS, CSRF, Open URL Redirection, Directory Traversal.
  • Low: Awards up to $100. Examples: Information Leakage, Incorrect API access controls, etc.

We appreciate all submissions. Even for submissions that don't result in a payout, we are happy to recommend you via a recognized bug bounty or security website, or you can choose to be listed on our hall of fame.



Targets in Scope


Deskpro Product


The Deskpro product itself is available in two forms. You can download and run it on-premise, or we run a SaaS version of it in our cloud. The product is the same in both cases. The Deskpro Product is a helpdesk application you can run in your browser. It can broadly be split into three pieces:

  1. The public help center. This is a user portal published by an organization for use by their users or customers. For example, KB articles, news, new ticket forms, chat, etc.
  2. The agent interface: This is the main interface where staff members work. For example, answering tickets, taking chats, writing new content, etc.
  3. The agent interface: This is where admins configure the software. For example, enable or disable features, define API keys, add or remove categories, etc.

You can download Deskpro and run it locally for testing: https://www.deskpro.com/on-premise-download/. The source code for Deskpro itself is included in the download if you wish to step through it.

Alternatively, you may sign up for a free hosted trial at https://www.deskpro.com/start/


Deskpro Cloud Platform


Our Cloud Platform is the technology behind our hosted/SaaS service we run on AWS. We accept submissions about bugs relating to the infrastructure of our platform such as the servers used to run the product.

The best way to begin researching the platform is to sign up for a demo account from https://www.deskpro.com/start/. This will create an instance of the product for you, and you can use that as the basis for your research.


Exclusions

Research that involves any of the following is not allowed:

  • Denial of Service
  • Spamming / flooding
  • Social engineering (including phishing) of Deskpro staff or contractors


Non-qualifying Vulnerabilities


There are some submissions that we can't accept for rewards. These are typically issues that we already are aware of, or issues that we think demonstrate business value that outweighs low-level risk, or low-risk issues that are unlikely to result in a code change.


Here is a list of common known exclusions:

  • Descriptive error messages.
  • Information disclosure with minimal security impact (e.g. stack traces, path disclosure, directory listings, logs, robots.txt, etc)
  • Clickjacking and issues only exploitable through clickjacking that have minimal impact.
  • CSRF on forms that are available to anonymous users (e.g. the contact form).
  • CSRF with negligible security impact (e.g. adding to favourites).
  • Presence of application or web browser 'autocomplete' or 'save password' functonality.
  • Lack of Secure and HTTPOnly cookie flags.
  • Lack of Security Speedbump when leaving the site.
  • Weak or missing captcha / captcha bypass.
  • SSL Attacks such as BEAST, BREACH, Renegotiation attack; SSL Forward secrecy not enabled; SSL Insecure cipher suites.
  • Missing HTTP security headers (including Anti-MIME-Sniffing header X-Content-Type-Options) that do not lead to a direct exploitation.
  • Tab nabbing.
  • Brute-force, Rate-limiting, Velocity throttling, or other denial of service based issues
  • XSS where only possible by an administrator. E.g. administrators can modify HTML templates, that is not an example of an XSS vulnerability.
  • XSS where only possible by agents with the "can use arbitrary HTML" permission
  • Self-XSS that has no security impact (e.g. injecting HTML into your own RTE editor).
  • Reports of third-party libraries without an actual proof-of-concept. E.g. if you are aware of a vulnerable library, then you need to submit a proof-of-concept showing that our use of the library is vulnerable.
  • Out of Scope: Anything not related to the scope defined by the "Targets" section above. E.g. email spoofing, spf/dmarc/dkim, etc.
  • Paypal / Price parameter tampering (Paypal payments are handled manually by a member of our staff).
  • Weak passwork policy (password policies are controlled by the account administrator, not by us).


Special Thanks

We wish to thank the following security researchers:

Ready to get started?

Try now Book a demo

Try Deskpro for free. No credit card required. 30 second signup.

Sign Up with Google

Developing innovative helpdesk software since 2002

Connect with us here:

Product

Solutions

Resources

Support

Company

Copyright 2001 – 2021 Deskpro Ltd. All rights reserved. Company: 04249340. VAT: GB 799932937. Deskpro Ltd, 79 Hartfield Road, SW19 3ES, London, United Kingdom.