Vulnerability Deep Dive: Gaining RCE Through ImageMagick With Frans Rosen
The file upload vulnerability type is as broad in scope as the number of different file types. These vulnerabilities are an ever-present security concern. While…
Category: Mix
OWASP Top 10: The Risk of Cryptographic Failures
What Is Cryptography? Cryptography is the practice and study of techniques for securing communication and information by transforming it into a format that is unreadable…
Measure, Compare, and Enhance Security Programs with HackerOne Benchmarks
Without clear comparisons and long-term visibility, it’s challenging to identify areas for improvement and make informed, data-driven decisions. That’s why we’re excited to introduce HackerOne Benchmarks,…
Securing Our Elections Through Vulnerability Testing and Disclosure
Security researchers and election technology manufacturers at the Election Security Research Forum (ESRF). The Event In preparation for the election season, HackerOne planned and executed…
Who Should Own AI Risk at Your Organization?
In this blog, we’ll explore who is and should be accountable for AI risk within organizations and how to empower them to take this significant…
What Is a Business Logic Vulnerability? [Example]
It sounds straightforward enough, but business logic vulnerabilities can result in an array of serious security issues, such as unauthorized access, bypassing rate limits, or…
The Impacts of Cross-site Scripting (XSS) [With Real Examples]
According to HackerOne’s 8th Annual Hacker-Powered Security Report, XSS is the number one most common vulnerability for bug bounty and number two for pentesting. Combining…
What Is an Information Disclosure Vulnerability? [Examples]
HackerOne’s 8th Annual Hacker-Powered Security Report states that information disclosure is the third most common vulnerability reported in bug bounty and the fourth most common for…
What Is It & How to Remediate
HackerOne’s 8th Annual Hacker-Powered Security Report states that improper access control is the second most common vulnerability reported in a bug bounty and number three reported…
Unlocking Engagement with Employee Feedback
Since 2018, HackerOne has maintained an employee engagement survey participation rate of over 80%, with half of the surveys achieving 90% or more participation. The…
How HackerOne Disproved an MFA Bypass With a Spot Check
What Is a Spot Check? A Spot Check is a powerful tool for security teams to do a tightly focused and scoped human-powered assessment with security…
HackerOne’s Fall Day of Service
Employees had the chance to connect over shared goals and values, fostering stronger relationships beyond the workplace. This event generated 13 projects around the U.S.…