What Is an Information Disclosure Vulnerability? [Examples]
HackerOne’s 8th Annual Hacker-Powered Security Report states that information disclosure is the third most common vulnerability reported in bug bounty and the fourth most common for…
Category: Mix
What Is It & How to Remediate
HackerOne’s 8th Annual Hacker-Powered Security Report states that improper access control is the second most common vulnerability reported in a bug bounty and number three reported…
Unlocking Engagement with Employee Feedback
Since 2018, HackerOne has maintained an employee engagement survey participation rate of over 80%, with half of the surveys achieving 90% or more participation. The…
How HackerOne Disproved an MFA Bypass With a Spot Check
What Is a Spot Check? A Spot Check is a powerful tool for security teams to do a tightly focused and scoped human-powered assessment with security…
HackerOne’s Fall Day of Service
Employees had the chance to connect over shared goals and values, fostering stronger relationships beyond the workplace. This event generated 13 projects around the U.S.…
How REI Strengthens Security with HackerOne’s Global Security Researcher Community
Q: Please introduce yourself. Tell us what you do at REI and why cybersecurity is important to REI. A: I’m Isaiah Grigsby, a senior application…
How HackerOne Employees Stay Connected and Have Fun
This year, we launched new initiatives designed to bring people together in fun and innovative ways, including playing online games, monthly global fitness challenges, and…
How an MFA Bypass Led to Account Takeover [Plus 11 Authentication Tips]
Many Facets, One Goal A common trope in cybersecurity is “don’t roll your own auth.” There’s a reason for this: implementing authentication is deceptively difficult. Many…
Network and Information Systems Directive (NIS2) Compliance: What You Need to Know
This blog will break down the NIS2 Directive drawing information from the original directive briefing published by the European Parliament and explain how organizations can…
Why Retail and E-commerce Organizations Trust Security Researchers During the Holiday Shopping Season
Retail and e-commerce organizations are major targets this time of year, which is why proactive security testing is essential to preparing for a potential onslaught…
Is Your Security Ready For Bug Bounty? [5 Questions]
1. Are You Prepared to Manage Incoming Vulnerability Reports? Naturally, the purpose of running a bug bounty program is to identify vulnerabilities beyond what your…
Hai’s Latest Evolution: Intelligence, Context, and More Intuitive UX
Transforming Security Program Management: A Day with Hai Picture this: It’s Monday morning, and your dashboard shows fifteen new vulnerability reports from the weekend. Your…