The not-so-secret hack to impactful bug bounty programs
At the core of every thriving bug bounty platform lies its triage team. These teams evaluate vulnerability reports, deciding on escalation and prioritization. Moreover, they…
Category: Mix
Breaking Down the OWASP Top 10: Insecure Design
In the absence of these considerations, systems can be retrofitted with ineffective security controls or lack them entirely. This can be attributed to teams rushing…
New York Releases AI Cybersecurity Guidance: What You Need to Know
AI adoption is accelerating in the financial services industry, both as an asset for improving business operations and as a potential tool to defend against…
A complete guide to finding advanced file upload vulnerabilities
File upload vulnerabilities are fun to find, they are impactful by nature and in some cases even result in remote code execution. Nowadays, most developers…
How Crypto and Blockchain Organizations Manage Complex Attack Surfaces With Competitive Security Testing Programs
There are three factors that differentiate crypto and blockchain organizations from other industries; their attack surfaces, their most common vulnerabilities, and the amount they spend…
How a Privilege Escalation Led to Unrestricted Admin Account Creation in Shopify
In a privilege escalation attack, an attacker gains elevated rights, permissions, or entitlements beyond the intended level associated with their identity, account, or device. Systems…
The key to ensuring software quality and reliability
Regression testing is a crucial part of software development that ensures new code changes don’t negatively affect existing functionality. It comes into play for developers…
Hack My Career: Saskia Braucher
When Saskia joined the tech world, she didn’t follow the conventional path of computer science degrees or coding boot camps. Instead, her journey was shaped…
Six Years of Proactive Defense: Deribit’s Journey with HackerOne
Q: Why did Deribit launch a bug bounty program? A: I like to view security as an onion where each additional layer provides additional protection…
Introducing the Wells Fargo Public Bug Bounty Program
Since then, we’ve grown the program, collaborated with HackerOne, and built partnerships within the bug bounty community. The valuable insights we’ve gained from security researchers…
Top Tool Capabilities to Prevent AI-Powered Attacks
Recent advances in AI technologies have granted organizations and individuals alike unprecedented productivity, efficiency, and operational benefits. AI is, without question, the single most exciting…
New Guidance for Federal AI Procurement Embraces Red Teaming and Other HackerOne Suggestions
Earlier this year, the Office of Management and Budget (OMB), which establishes budget rules for federal agencies, issued a memorandum on Advancing the Responsible Acquisition of…