The HackerOne Cake Story | HackerOne
When Jobert and Michiel started their penetration testing consultancy, they ran into a frustrating reality. Convincing companies to trust two 18-year-olds without professional credentials or…
Category: Mix
What Will a New Administration and Congress Mean for Cybersecurity and AI Regulation?
Much attention has been paid to the incoming administration’s stated intentions to roll back regulations, as well as their criticism of certain cybersecurity and artificial…
Salesforce Teams Up With All-Star Hackers at H1-4420
“With help from hackers, Salesforce can consistently put its products and systems to the test, as well as boost security throughout the entire software development…
Bug Bounty Vs. Pentest [Differences Explained]
What Is Pentesting? Pentesting attempts to ethically breach a system’s security for the purpose of vulnerability identification. In most cases, both humans and automated programs…
A complete guide to finding SSRF vulnerabilities in PDF generators
PDF generators are commonly implemented in applications. Developers tend to use these components to generate documents based on dynamic data provided from the database for…
How HackerOne Reinvented Security for Developers
Workflow Integration Code security tools need to be accessible in the toolkit developers already use and in the workflows they already know. Git pull/merge requests,…
The complexities of scaling AppSec teams and how to address them in 2025 | Blog
Tom Ryder | 28 January 2025 at 13:08 UTC Your organization’s application portfolio is growing and so are the risks. With every new web app,…
Severity Does Not Mean Priority
Automated scanners and tools are noisy; they do not know your business and can’t extrapolate context to truly understand validity and impact. Severity ratings are…
Meet the Talent Strategy Team
Our understanding of leadership and employee needs and the ability to build learning and development content made it easier for us to make development recommendations…
How to Fortify Your Assets & Maintain Compliance
Stepped-up SEC Enforcement Makes Proactive Security a Must The SEC’s finalized cybersecurity rules, effective starting mid-December 2023, place a spotlight on requirements for transparency regarding…
Implementing Zero Trust Security With a VDP
I understand the importance of Zero Trust but, personally, I’ve had a hard time bridging the gap between how the world of vulnerability disclosure and…
HackerOne Hack My Career Meet Kayla Underkoffler
In a world where career transitions have become increasingly common, some stories stand out as inspiring. Today, we introduce a remarkable individual who has transitioned…