Peace of mind from security’s greatest minds
Increase your resistance to attack by tapping the world’s top ethical hackers. Understand your attack surface, hunt bugs, test apps, and fix vulnerabilities before anyone else knows they exist.
HackerOne The HackerOne Blog
- Announcing the Results of Hack U.S. by HackerOne on September 29, 2022 at 1:00 pm
On July 4th, 2022, Chief Digital and Artificial Intelligence Office (CDAO), Directorate for Digital Services (DDS), DoD Cyber Crime Center (DC3), and HackerOne publicly launched the “Hack U.S.” bug bounty challenge, allowing ethical hackers from around the globe to earn monetary rewards for reporting of critical and high vulnerabilities from within the DoD Vulnerability Disclosure Program (VDP) published scope.
- Use HackerOne’s Enhanced Pentest as a Service to Streamline Security Testing by Sean Ryan on September 27, 2022 at 11:00 pm
- Rise of Internet Bug Bounty by [email protected] on September 23, 2022 at 5:23 pm
- Introducing Unified HackerOne Scope Management with Burp Suite Support by Tim Matthews on September 15, 2022 at 10:00 pm
- Ambassador Spotlight: Adnan Malik by [email protected] on August 23, 2022 at 5:00 pm
- Corb3nik Introduces Caido! by [email protected] on August 7, 2022 at 3:35 am
- Hacking in Sun and Snow H1-303 Colorado by [email protected] on August 6, 2022 at 3:30 pm
- H1-702 Las Vegas Day 3: Switching Up Scopes by [email protected] on August 6, 2022 at 4:00 am
- H1-702 Las Vegas Day 2: Hacking with Zoom by [email protected] on August 5, 2022 at 4:37 am
- H1-702 Las Vegas Day 1: [email protected] by [email protected] on August 4, 2022 at 2:24 am
- H1-702 Las Vegas Day 0: Setup by [email protected] on August 2, 2022 at 11:06 pm
- PayPal’s Third LHE Brings Top Global Hackers to the Virtual Stage by [email protected] on July 29, 2022 at 6:09 pm
After ten years of partnering with hackers, PayPal is a leader in cybersecurity and hacker relationship building. We were thrilled to work with PayPal once again to uncover new ways to reduce their risk and build proactive security practices.
- Benchmark Analysis: Annual Pentest and Code Review Coverage by Sean Ryan on July 14, 2022 at 4:00 pm
- 5 Articles to Get You Up-to-Speed on Bug Bounty Programs by HackerOne on July 7, 2022 at 7:00 pm
Many organizations use bug bounty programs to help them protect their ever-expanding attack surface and achieve attack resistance. Bug bounties, with ethical hackers at the helm, uncover critical and severe vulnerabilities before bad actors and deliver better protection against cyberattacks. But what is a bug bounty, and should your organization have one?
- Ten Rules to be Successful in Your Bug Bounty Career by [email protected] on July 6, 2022 at 3:45 pm
- Security Highlights: New CWE Rankings, Software Supply Chains, and Side-Channel Attacks by HackerOne on July 5, 2022 at 5:00 pm
- 5 Security Stages of the DevSecOps Pipeline by HackerOne on June 28, 2022 at 6:59 pm
DevSecOps builds on modern DevOps practices by incorporating security processes and automation into the development pipeline. This enables development teams to continue the rapid and continuous delivery trend while improving software assets’ security. The DevSecOps pipeline follows the familiar DevOps “infinity loop” structure while incorporating some extra steps to ensure code security before, during, and after it’s pushed to production.
- Hacker’s Health: Adverse Effects of Doomscrolling by Pamela Greenberg on June 27, 2022 at 3:45 pm
- HackerOne’s In-Depth Approach to Vulnerability Triage and Validation by Naz Bozdemir on June 23, 2022 at 4:00 pm
- DevSecOps vs DevOps: What is the Difference? by HackerOne on June 23, 2022 at 4:00 pm
DevSecOps can dramatically reduce cyber risk for organizations—particularly those that rely on internal development for a competitive advantage.
- The Most Overlooked Server Permission Checks by Tyler Mann on June 23, 2022 at 4:00 pm
- How Bug Bounty Uncovered A 5-Year-Old Vulnerability In Hours by Tyler Mann on June 16, 2022 at 11:00 am
- Live Hacking Event Invitations – 2022 Guide by [email protected] on June 15, 2022 at 3:17 am
- CISOs: Do You Know the Security Risks of Your Organization’s Next M&A? by Chris Evans on June 14, 2022 at 4:00 pm
An ever-expanding attack surface is a global concern for most organizations and complicates an M&A, especially for CISOs. The M&A prospect may have a partially unprotected attack surface, thus increasing security risk coming in the form of a gap between the attack surface they can and do protect and the attack surface (and accompanying assets) they need to defend. This gap is what many M&A prospects bring to the table. And while an M&A may have undisputed business and strategic value, CISOs must still address the security risks involved in acquiring another organization’s assets and its current attack surface, fully protected or not.
- H1 Community Team: Your Hacker Allies by [email protected] on June 13, 2022 at 5:41 pm
- Community at HackerOne: What’s to Come by [email protected] on June 13, 2022 at 5:40 pm
- The Top 5 Most Common Security Issues I Discover When Reviewing Code by William Barrett on June 10, 2022 at 4:00 pm
- How to Catch Injection Security Vulnerabilities in Code Review by William Barrett on June 9, 2022 at 4:00 pm
Injection vulnerabilities result from insecure handling of user inputs. They are relatively simple to fix once the underlying issues that cause them are understood, and are frequently found by experienced reviewers who know what to look for. The prevalence of injection vulnerabilities today is one of the best arguments for continuing to perform code review in many organizations—this type of vulnerability is most frequently caught through human inspection of the offending code.
- Severe Confluence Vulnerability is an Active Threat (CVE-2022-26134) by HackerOne on June 6, 2022 at 8:20 pm
- How Critical Infrastructure Can be Protected from Threats by Christopher Dickens on June 2, 2022 at 4:00 pm
Accessing a major critical infrastructure network is very appealing to cybercriminals, as they can maximize societal impact and demand large ransom sums to fix tampered systems. With recent high-profile attacks, including that against the Colonial Pipeline in March 2021, it has become clear that the organizations handling critical infrastructure networks are now in the firing line. Critical infrastructure is vulnerable to both threat groups that are evolving their tactics and public scrutiny if they do not remain transparent when an attack occurs.