Server-Side Request Forgery – SSRF Security Testing
Server-Side Request Forgery, SSRF for short, is a vulnerability class that describes the behavior of a server making a request that’s under the attacker’s control.…
We recently published The GitHub Bug Bounty Story and couldn’t be more excited to share it with you! TL;DR: Their lead security engineer summarizes the…
If triaging vulnerability reports was a martial art, Zach Dando would be sensei master. Zach runs the triage team at HackerOne and we recently sat…
Did you know 94% of the Forbes Global 2000 do not have known vulnerability disclosure policies? It’s true, and the average amount paid out for…
Swag means a lot to HackerOne (and to you, our hackers). It’s not just apparel and stickers. It’s a badge of honor. An invitation and…
This is the first in a six-part series expanding on the “key findings” of the Hacker-Powered Security Report 2017. Based on data gathered from over…
Any hackers out there ever hunt for bugs on your mobile phone while riding in a car? Well, now our thousands of hackers in Southeast…
One of the top IT research and advisory companies, 451 Research, recently authored a new “pathfinder report” advising decision-makers on the value of bug bounties…
Let the countdown begin – Las Vegas waits patiently for that amazing week of 0-days, conferencing, revelry, and networking. Read on for a quick rundown…
With hacker-powered security, it’s critical to open and maintain a line of communication with the hackers who are working to find your vulnerabilities. It’s why…
To learn more about how legal teams and federal enforcers view hacker-powered security, we invited Megan Brown, partner, and Matthew Gardner, attorney, from the Privacy…
In January 2016, the Tor Project launched its first private bug bounty program on HackerOne. Today the Tor Project announced its public bug bounty program.…