Program Removed
This program is no longer available on Bugcrowd. The scope data shown below is historical and may not reflect the final state of the program.
asana
20
In Scope
12
Out of Scope
In-Scope Assets (20)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| *.app.asana.com | URL | Yes | ||
| *.asana.biz | OTHER | Yes | - | |
| app.asana.com | WILDCARD | Yes | ||
| asana.biz | WILDCARD | Yes | ||
| asana.biz | WILDCARD | Yes | ||
| https://app.asana.com | URL | Yes | ||
| https://app.asana.com | URL | Yes | ||
| https://apps.apple.com/us/app/asana-mobile/id489969512 | IOS | Yes | - | |
| https://apps.apple.com/us/app/asana-mobile/id489969512 | IOS | Yes | - | |
| https://asana.com | URL | Yes | ||
| https://asana.com | URL | Yes | ||
| https://asana.com/apps?category=made-by-asana | URL | Yes | ||
| https://asana.com/apps?category=made-by-asana | URL | Yes | ||
| https://asana.com/download | URL | Yes | ||
| https://asana.com/download | OTHER | Yes | - | |
| https://form.asana.com | URL | Yes | ||
| https://form.asana.com | URL | Yes | ||
| https://play.google.com/store/apps/details?id=com.asana.app&hl=en | ANDROID | Yes | ||
| https://play.google.com/store/apps/details?id=com.asana.app&hl=en | ANDROID | Yes | ||
| subdomain takeover at *asana.biz | OTHER | Yes | - |
Out-of-Scope Assets (12)
| Asset | Category | Bounty | |
|---|---|---|---|
| asana.okta.com | URL | Yes | |
| asana.okta.com | URL | Yes | |
| assets.asana.biz | URL | Yes | |
| assets.asana.biz | URL | Yes | |
| forms that you do not own | OTHER | Yes | |
| forms that you do not own | OTHER | Yes | |
| jira*.integrations.asana.plus | URL | Yes | |
| jira*.integrations.asana.plus | URL | Yes | |
| other subdomains of asana.com | URL | Yes | |
| other subdomains of asana.com | URL | Yes | |
| social engineering against asana support or asana employees | OTHER | Yes | |
| social engineering against asana support or asana employees | OTHER | Yes |
Scope Changes (181)
Jun 26, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Program Removed | — | — | — | 06:34 |
Jun 23, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | forms that you do not own | OTHER | Out of Scope | 09:32 |
| Added | jira*.integrations.asana.plus | URL | Out of Scope | 09:32 |
| Added | https://asana.com/download | URL | In Scope | 09:32 |
| Added | https://asana.com/apps?category=made-by-asana | URL | In Scope | 09:32 |
| Added | asana.okta.com | URL | Out of Scope | 09:32 |
| Added | other subdomains of asana.com | URL | Out of Scope | 09:32 |
| Added | subdomain takeover at *asana.biz | WILDCARD | In Scope | 09:32 |
| Added | https://apps.apple.com/us/app/asana-mobile/id489969512 | IOS | In Scope | 09:32 |
| Added | https://app.asana.com | URL | In Scope | 09:32 |
| Added | assets.asana.biz | URL | Out of Scope | 09:32 |
| Added | *.app.asana.com | WILDCARD | In Scope | 09:32 |
| Added | https://form.asana.com | URL | In Scope | 09:32 |
| Added | https://play.google.com/store/apps/details?id=com.asana.app&hl=en | ANDROID | In Scope | 09:32 |
| Added | https://asana.com | URL | In Scope | 09:32 |
| Added | social engineering against asana support or asana employees | OTHER | Out of Scope | 09:32 |
| Added | *.asana.biz | WILDCARD | In Scope | 09:32 |
| Added | forms that you do not own | OTHER | Out of Scope | 09:32 |
| Added | assets.asana.biz | URL | Out of Scope | 09:32 |
| Added | asana.okta.com | URL | Out of Scope | 09:32 |
| Added | jira*.integrations.asana.plus | URL | Out of Scope | 09:32 |
| Added | social engineering against asana support or asana employees | OTHER | Out of Scope | 09:32 |
| Added | other subdomains of asana.com | URL | Out of Scope | 09:32 |
| Added | subdomain takeover at *asana.biz | OTHER | In Scope | 09:32 |
| Added | https://form.asana.com | URL | In Scope | 09:32 |
| Added | https://play.google.com/store/apps/details?id=com.asana.app&hl=en | ANDROID | In Scope | 09:32 |
| Added | https://apps.apple.com/us/app/asana-mobile/id489969512 | IOS | In Scope | 09:32 |
| Added | https://asana.com/download | OTHER | In Scope | 09:32 |
| Added | https://asana.com/apps?category=made-by-asana | URL | In Scope | 09:32 |
| Added | https://asana.com | URL | In Scope | 09:32 |
| Added | https://app.asana.com | URL | In Scope | 09:32 |
| Added | *.app.asana.com | URL | In Scope | 09:32 |
| Added | *.asana.biz | OTHER | In Scope | 09:32 |
| Program Removed | — | — | — | 08:41 |
| Added | *.asana.biz | WILDCARD | In Scope | 07:31 |
| Added | https://app.asana.com | URL | In Scope | 07:31 |
| Added | https://asana.com | URL | In Scope | 07:31 |
| Added | https://asana.com/apps?category=made-by-asana | URL | In Scope | 07:31 |
| Added | https://asana.com/download | OTHER | In Scope | 07:31 |
| Added | https://apps.apple.com/us/app/asana-mobile/id489969512 | IOS | In Scope | 07:31 |
| Added | https://play.google.com/store/apps/details?id=com.asana.app&hl=en | ANDROID | In Scope | 07:31 |
| Added | https://form.asana.com | URL | In Scope | 07:31 |
| Added | *.app.asana.com | URL | In Scope | 07:31 |
| Added | *.asana.biz | OTHER | In Scope | 07:31 |
| Added | other subdomains of asana.com | URL | Out of Scope | 07:31 |
| Added | social engineering against asana support or asana employees | OTHER | Out of Scope | 07:31 |
| Added | jira*.integrations.asana.plus | URL | Out of Scope | 07:31 |
| Added | asana.okta.com | URL | Out of Scope | 07:31 |
| Added | assets.asana.biz | URL | Out of Scope | 07:31 |
| Added | forms that you do not own | OTHER | Out of Scope | 07:31 |
| Added | https://app.asana.com | URL | In Scope | 07:31 |
| Added | https://asana.com/apps?category=made-by-asana | URL | In Scope | 07:31 |
| Added | https://form.asana.com | URL | In Scope | 07:31 |
| Added | *.app.asana.com | WILDCARD | In Scope | 07:31 |
| Added | social engineering against asana support or asana employees | OTHER | Out of Scope | 07:31 |
| Added | jira*.integrations.asana.plus | URL | Out of Scope | 07:31 |
| Added | subdomain takeover at *asana.biz | WILDCARD | In Scope | 07:31 |
| Added | asana.okta.com | URL | Out of Scope | 07:31 |
| Added | https://asana.com/download | URL | In Scope | 07:31 |
| Added | https://apps.apple.com/us/app/asana-mobile/id489969512 | IOS | In Scope | 07:31 |
| Added | https://play.google.com/store/apps/details?id=com.asana.app&hl=en | ANDROID | In Scope | 07:31 |
| Added | assets.asana.biz | URL | Out of Scope | 07:31 |
| Added | forms that you do not own | OTHER | Out of Scope | 07:31 |
| Added | https://asana.com | URL | In Scope | 07:31 |
| Added | other subdomains of asana.com | URL | Out of Scope | 07:31 |
| Added | subdomain takeover at *asana.biz | OTHER | In Scope | 07:31 |
| Program Removed | — | — | — | 06:41 |
Jun 17, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | https://app.asana.com | URL | In Scope | 11:30 |
| Added | assets.asana.biz | URL | Out of Scope | 11:30 |
| Added | jira*.integrations.asana.plus | URL | Out of Scope | 11:30 |
| Added | https://asana.com/apps?category=made-by-asana | URL | In Scope | 11:30 |
| Added | https://app.asana.com | URL | In Scope | 11:30 |
| Added | social engineering against asana support or asana employees | OTHER | Out of Scope | 11:30 |
| Added | subdomain takeover at *asana.biz | WILDCARD | In Scope | 11:30 |
| Added | *.app.asana.com | WILDCARD | In Scope | 11:30 |
| Added | https://asana.com | URL | In Scope | 11:30 |
| Added | forms that you do not own | OTHER | Out of Scope | 11:30 |
| Added | asana.okta.com | URL | Out of Scope | 11:30 |
| Added | other subdomains of asana.com | URL | Out of Scope | 11:30 |
| Added | *.asana.biz | WILDCARD | In Scope | 11:30 |
| Added | https://form.asana.com | URL | In Scope | 11:30 |
| Added | https://play.google.com/store/apps/details?id=com.asana.app&hl=en | ANDROID | In Scope | 11:30 |
| Added | https://apps.apple.com/us/app/asana-mobile/id489969512 | IOS | In Scope | 11:30 |
| Added | https://asana.com/download | URL | In Scope | 11:30 |
| Added | forms that you do not own | OTHER | Out of Scope | 11:30 |
| Added | assets.asana.biz | URL | Out of Scope | 11:30 |
| Added | asana.okta.com | URL | Out of Scope | 11:30 |
| Added | jira*.integrations.asana.plus | URL | Out of Scope | 11:30 |
| Added | social engineering against asana support or asana employees | OTHER | Out of Scope | 11:30 |
| Added | other subdomains of asana.com | URL | Out of Scope | 11:30 |
| Added | subdomain takeover at *asana.biz | OTHER | In Scope | 11:30 |
| Added | *.asana.biz | OTHER | In Scope | 11:30 |
| Added | *.app.asana.com | URL | In Scope | 11:30 |
| Added | https://form.asana.com | URL | In Scope | 11:30 |
| Added | https://play.google.com/store/apps/details?id=com.asana.app&hl=en | ANDROID | In Scope | 11:30 |
| Added | https://apps.apple.com/us/app/asana-mobile/id489969512 | IOS | In Scope | 11:30 |
| Added | https://asana.com/apps?category=made-by-asana | URL | In Scope | 11:30 |
| Added | https://asana.com | URL | In Scope | 11:30 |
| Added | https://asana.com/download | OTHER | In Scope | 11:30 |
| Program Removed | — | — | — | 10:34 |
Mar 5, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | other subdomains of asana.com | URL | Out of Scope | 22:28 |
| Added | assets.asana.biz | URL | Out of Scope | 22:28 |
| Added | forms that you do not own | OTHER | Out of Scope | 22:28 |
| Added | https://form.asana.com | URL | In Scope | 22:28 |
| Added | *.asana.biz | WILDCARD | In Scope | 22:28 |
| Added | assets.asana.biz | URL | Out of Scope | 22:28 |
| Added | https://asana.com | URL | In Scope | 22:28 |
| Added | *.app.asana.com | WILDCARD | In Scope | 22:28 |
| Added | subdomain takeover at *asana.biz | WILDCARD | In Scope | 22:28 |
| Added | social engineering against asana support or asana employees | OTHER | Out of Scope | 22:28 |
| Added | jira*.integrations.asana.plus | URL | Out of Scope | 22:28 |
| Added | forms that you do not own | OTHER | Out of Scope | 22:28 |
| Added | https://asana.com/apps?category=made-by-asana | URL | In Scope | 22:28 |
| Added | https://asana.com/download | URL | In Scope | 22:28 |
| Added | https://apps.apple.com/us/app/asana-mobile/id489969512 | IOS | In Scope | 22:28 |
| Added | asana.okta.com | URL | Out of Scope | 22:28 |
| Added | https://play.google.com/store/apps/details?id=com.asana.app&hl=en | ANDROID | In Scope | 22:28 |
| Added | https://app.asana.com | URL | In Scope | 22:28 |
| Added | https://app.asana.com | URL | In Scope | 22:28 |
| Added | https://asana.com | URL | In Scope | 22:28 |
| Added | https://asana.com/apps?category=made-by-asana | URL | In Scope | 22:28 |
| Added | https://asana.com/download | OTHER | In Scope | 22:28 |
| Added | https://apps.apple.com/us/app/asana-mobile/id489969512 | IOS | In Scope | 22:28 |
| Added | https://play.google.com/store/apps/details?id=com.asana.app&hl=en | ANDROID | In Scope | 22:28 |
| Added | https://form.asana.com | URL | In Scope | 22:28 |
| Added | *.app.asana.com | URL | In Scope | 22:28 |
| Added | *.asana.biz | OTHER | In Scope | 22:28 |
| Added | subdomain takeover at *asana.biz | OTHER | In Scope | 22:28 |
| Added | other subdomains of asana.com | URL | Out of Scope | 22:28 |
| Added | social engineering against asana support or asana employees | OTHER | Out of Scope | 22:28 |
| Added | jira*.integrations.asana.plus | URL | Out of Scope | 22:28 |
| Added | asana.okta.com | URL | Out of Scope | 22:28 |
Feb 25, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | other subdomains of asana.com | URL | Out of Scope | 19:11 |
| Added | https://asana.com/download | URL | In Scope | 19:11 |
| Added | *.app.asana.com | WILDCARD | In Scope | 19:11 |
| Added | *.asana.biz | WILDCARD | In Scope | 19:11 |
| Added | subdomain takeover at *asana.biz | WILDCARD | In Scope | 19:11 |
| Added | https://app.asana.com | URL | In Scope | 19:11 |
| Added | https://asana.com | URL | In Scope | 19:11 |
| Added | https://asana.com/apps?category=made-by-asana | URL | In Scope | 19:11 |
| Added | https://apps.apple.com/us/app/asana-mobile/id489969512 | IOS | In Scope | 19:11 |
| Added | https://form.asana.com | URL | In Scope | 19:11 |
| Added | assets.asana.biz | URL | Out of Scope | 19:11 |
| Added | forms that you do not own | OTHER | Out of Scope | 19:11 |
| Added | https://play.google.com/store/apps/details?id=com.asana.app&hl=en | ANDROID | In Scope | 19:11 |
| Added | asana.okta.com | URL | Out of Scope | 19:11 |
| Added | jira*.integrations.asana.plus | URL | Out of Scope | 19:11 |
| Added | social engineering against asana support or asana employees | OTHER | Out of Scope | 19:11 |
| Program Removed | — | — | — | 17:22 |
| Added | https://asana.com | URL | In Scope | 17:00 |
| Added | https://asana.com/apps?category=made-by-asana | URL | In Scope | 17:00 |
| Added | https://asana.com/download | OTHER | In Scope | 17:00 |
| Added | https://apps.apple.com/us/app/asana-mobile/id489969512 | IOS | In Scope | 17:00 |
| Added | https://play.google.com/store/apps/details?id=com.asana.app&hl=en | ANDROID | In Scope | 17:00 |
| Added | https://form.asana.com | URL | In Scope | 17:00 |
| Added | *.app.asana.com | URL | In Scope | 17:00 |
| Added | *.asana.biz | OTHER | In Scope | 17:00 |
| Added | subdomain takeover at *asana.biz | OTHER | In Scope | 17:00 |
| Added | other subdomains of asana.com | URL | Out of Scope | 17:00 |
| Added | social engineering against asana support or asana employees | OTHER | Out of Scope | 17:00 |
| Added | jira*.integrations.asana.plus | URL | Out of Scope | 17:00 |
| Added | asana.okta.com | URL | Out of Scope | 17:00 |
| Added | assets.asana.biz | URL | Out of Scope | 17:00 |
| Added | forms that you do not own | OTHER | Out of Scope | 17:00 |
| Added | https://app.asana.com | URL | In Scope | 17:00 |
| Added | forms that you do not own | OTHER | Out of Scope | 17:00 |
| Added | https://apps.apple.com/us/app/asana-mobile/id489969512 | IOS | In Scope | 17:00 |
| Added | *.asana.biz | WILDCARD | In Scope | 17:00 |
| Added | subdomain takeover at *asana.biz | WILDCARD | In Scope | 17:00 |
| Added | other subdomains of asana.com | URL | Out of Scope | 17:00 |
| Added | https://asana.com/download | URL | In Scope | 17:00 |
| Added | social engineering against asana support or asana employees | OTHER | Out of Scope | 17:00 |
| Added | asana.okta.com | URL | Out of Scope | 17:00 |
| Added | https://app.asana.com | URL | In Scope | 17:00 |
| Added | https://asana.com | URL | In Scope | 17:00 |
| Added | https://play.google.com/store/apps/details?id=com.asana.app&hl=en | ANDROID | In Scope | 17:00 |
| Added | https://asana.com/apps?category=made-by-asana | URL | In Scope | 17:00 |
| Added | https://form.asana.com | URL | In Scope | 17:00 |
| Added | *.app.asana.com | WILDCARD | In Scope | 17:00 |
| Added | jira*.integrations.asana.plus | URL | Out of Scope | 17:00 |
| Added | assets.asana.biz | URL | Out of Scope | 17:00 |