HackerOne The HackerOne Blog
- What To Do When You Don’t Know You’ve Been Compromised by Michiel Prins on May 7, 2021 at 12:00 am
On World Password Day, I’m not going to talk about passwords. At the end of last year, HackerOne ran an exclusive campaign with a select group of hackers in which we challenged them to look for information exposures for 11 customers. The data found by the hackers included everything from passwords and authentication tokens to sensitive documents. No matter how secure your passwords are, your data is out there in different clouds and across various third-party vendors — it’s only a matter of time before a leak puts your brand at risk.
- The 5 Secrets Of A Mature Vulnerability Management Program by Anonymous on May 5, 2021 at 12:00 am
During HackerOne’s recent series of webinars, we caught up with Matt Southworth, CISO of Priceline, and Matt Adams, Global Security Architect at Costa Coffee, to learn their 5 secrets to building a highly effective vulnerability management program.
- Saxo Bank Celebrates One Year of Bug Bounties: Q&A with CISO Mads Syska Hasling by HackerOne on May 3, 2021 at 3:00 pm
One year after launching their private bug bounty program on HackerOne, we sat down with financial services provider Saxo Bank’s CISO, Mads Syska Hasling, to get his insights and learnings from 12 months with a bug bounty program. Read on to see how Saxo Bank thinks about digital security as a non-negotiable for their customers and partners, how bug bounty fits into the broader security program, and advice to other CISOs and stakeholders on leveraging hacker-powered security.
- Hacker Spotlight AMA: Wolf101 by HackerOne on April 30, 2021 at 7:00 pm
Hacker @Wolf101 shares his predictions on the future of bug bounties and tips on getting started.
- How HackerOne Helps the Vulnerability Management Process by Anonymous on April 29, 2021 at 4:00 pm
HackerOne sees vulnerability management as a process combining software tools and security analyst actions to reduce risk. In many cases, successful Vulnerability Management requires a joint effort between security operations, who find vulnerabilities, and IT operations responsible for fixing, or patching, vulnerabilities.
- A Security Engineer and Hacker Share Their Experiences with Security Assessments by HackerOne on April 27, 2021 at 4:00 pm
A few weeks ago, HackerOne and PortSwigger teamed up to shine a light on the innovative ways that customers and security analysts are scaling risk assessments. Read on for key learnings.
- Hacker Spotlight AMA: debsec by HackerOne on April 23, 2021 at 4:00 pm
Chilean hacker @debsec shares his secrets to program selection and the best way to choose your scope in this week’s Hacker Spotlights.
- HackerOne Product Enhancements Help Detect, Remediate, and Analyze Cloud Misconfigurations by HackerOne on April 22, 2021 at 1:00 pm
HackerOne has rolled out new product features to secure cloud workloads, investigate and respond to vulnerability trends, and answer auditors’ questions all in one place. Read on for details!
- Why we sold our founding vulnerability as an NFT by HackerOne on April 20, 2021 at 4:30 pm
HackerOne sold our founding vulnerability as an NFT and donated the proceeds — 3.3 ETH / $7,086.19 — to Hack the Hood. Read on to learn why!
- Hacker Spotlight AMA: none_of_the_above by HackerOne on April 16, 2021 at 5:00 pm
This week’s Hacker Spotlight features @none_of_the_above, a Latin American hacker who shares his tips to succeed in cybersecurity.
- Reddit’s Public Bug Bounty Program Kicks Off: Q&A with Reddit’s Allison Miller and Spencer Koch, and top program hacker @renekroka by HackerOne on April 14, 2021 at 3:00 pm
HackerOne sat down with Reddit’s CISO and VP of Trust, resident Security Wizard, and top hacker to discover the secrets to Reddit’s bug bounty success, explore their goals and key results, delve into how they use hackers to scale security across software development, and gain a unique perspective about what it’s like to hack one of the world’s leading social networks.
- Hacker Spotlight AMA: niemand_sec by HackerOne on April 9, 2021 at 4:00 pm
Pentester, independent consultant and bug hunter, @niemand_sec is featured in this week’s edition of Hacker Spotlights.
- [email protected] 2021 Call for Speakers is Open
- Hacker Spotlight: Interview with edduu by johnk on April 2, 2021 at 5:00 pm
Latin America hacker, @edduu shares his in-depth thinking on how to maximize reports for larger bounty earnings and what it means to be a hacker in Latin America.
- The Rise of IDOR by HackerOne on April 2, 2021 at 3:00 pm
Insecure Direct Object References (or IDOR) is a simple bug that packs a punch. Discover where they’re most common, explore real-world examples, and learn prevention tips from hackers.
- Hacker Spotlight: Interview with manoelt by johnk on March 26, 2021 at 2:00 pm
Brazilian CTF player and hacker @manoelt is featured in this week’s Hacker Spotlight.
- PayPal is our Virtual Pal by johnk on March 19, 2021 at 7:45 pm
HackerOne’s second virtual live hacking event with event partners, PayPal to share experiences from the event.
- Hacker Spotlight: Interview with p3rr0 by johnk on March 19, 2021 at 7:05 pm
Latin America-based hacker @p3rr0 shares his story, from not knowing about bug bounties to making an income.
- Hacker Spotlight: Interview with Samux by johnk on March 12, 2021 at 4:00 pm
Hacker from Santiago, Chile shares his journey in pentesting and bug bounties in this edition of Hacker Spotlights.
- Discovering Three Personas within the Hacker Community by HackerOne on March 9, 2021 at 10:00 pm
With over one million hackers making up the HackerOne community, there’s more diversity of skill, approach, and personality than any security team in the world. At the launch of the 2021 Hacker Report, we catch up with three hackers, representing three very different approaches to hacking: the pentester, the VDP hacker and the bounty hunter.
- Hacker Spotlight: Interview with bugdiscloseguys by johnk on March 5, 2021 at 3:00 pm
Your neighborhood hacker, as he calls himself, @bugdiscloseguys is featured in this week’s Hacker Spotlight blog post series.
- Commerce Giant Shopify Kicks Off 2021 with HackerOne (Virtual) Live Hacking Event: h1-2102 by johnk on March 1, 2021 at 11:00 pm
HackerOne’s first virtual live hacking event of the year kicked off with Shopify in January 2021. Read this blog post to learn more about how Shopify builds relationships with hackers through live events like h1-2102, and find out who the award winners are.
- Hacker Spotlight: Interview with Geekboy by johnk on February 26, 2021 at 2:00 pm
“Always be curious about what you’re trying to learn.” @Geekboy is featured in this week’s Hacker Spotlight sharing his background and insights on hacking and bug bounties.
- The Rise of Misconfiguration and Supply Chain Vulnerabilities by Jobert Abma on February 26, 2021 at 4:51 am
The vulnerability of supply chains has been top of mind since the SolarWinds attack, which still dominates headlines, but last week’s Singtel breach also reflects the rise of breaches triggered by misconfiguration vulnerabilities.
- Hacker Spotlight: Interview with dkd by johnk on February 19, 2021 at 3:00 pm
This week’s hacker spotlight features @dkd, a generally private hacker who was excited to share his experience!
- Hacker Spotlight: Interview with notnaffy by johnk on February 12, 2021 at 3:00 pm
Entrepreneur and hacker, @notnaffy talks about his journey in hacking through the years and his methodologies. Read this epic Q&A in this week’s hacker spotlights!
- 2020 Hacker Community Year in Review by Jenn Eugenio on February 11, 2021 at 4:00 pm
From CTFs to virtual live hacking events and more, check out this recap of the initiatives HackerOne hosted for the hacker community in 2020.
- Hacker Spotlight: Interview with hazimaslam by johnk on February 5, 2021 at 3:00 pm
In this week’s hacker spotlight, we virtually travel to Pakistan to get to know @hazimaslam, how he hacks, and his motivations to continue hacking.
- Announcing The Hacker of The Hill by Jenn Eugenio on February 3, 2021 at 7:00 pm
- Hacker Spotlight: Interview with pnig0s by johnk on January 29, 2021 at 3:00 pm
Detailed, meticulous and precise. @pnig0s shares his hacking style and successes from his bug bounty experience in this latest Hacker Spotlight.