To Whom It May Concern:
I’m a certified penetration tester and a White hat hacker.
I found vulnerabilities on some world’s most renowned web services (Microsoft, LinkedIn, AT&T, Yahoo, Google, Dropbox, and more..) and earn from their bounty program. I would like to bring into your knowledge that, I have recently discovered some security vulnerabilities in your Web app – Which can impact your business and users.
Do you have any security reward program? How seriously you take the security of your business and users?
I will be more than happy to share the report with your developers or security officer. If you provide some reward for reporting security vulnerabilities in a responsible manner.