Bug Bounty Programs — Why Should I Care?
Why should I care about bug bounty programs? Every digital company has software vulnerabilities, and they get expensive in case of a breach. The cost…
By Jobert Abma. This is part 1 in a series of blog posts on HackerOne’s Triage Services. Triage is critical to any vulnerability disclosure process…
The Bug Bounty Field Manual is the definitive guide on how to plan, launch, and operate a successful bug bounty program. But 10,283 words is…
Hackers, do you have what it takes to hack the U.S. Air Force? Register now to participate in the Department of Defense’s largest bug bounty…
Today we launch a new product, designed for every security team that runs periodic testing of web applications. HackerOne Challenge is modeled after the time-bound…
Did you miss our webinar with GitLab, Innovating Faster Without Sacrificing Security or Quality? It is jam-packed with insights into how they partner with…
Opening your database to the world is a scary thought! But that’s exactly what we wanted to do by implementing a GraphQL endpoint. Feeling stuck…
Like many companies in Silicon Valley, we at HackerOne believe in using what we build. (This is sometimes referred to as eating your own dog…
Server-Side Request Forgery, SSRF for short, is a vulnerability class that describes the behavior of a server making a request that’s under the attacker’s control.…
We recently published The GitHub Bug Bounty Story and couldn’t be more excited to share it with you! TL;DR: Their lead security engineer summarizes the…
If triaging vulnerability reports were a martial art, Zach Dando would be sensei master. Zach runs the triage team at HackerOne and we recently sat…
Did you know 94% of the Forbes Global 2000 do not have known vulnerability disclosure policies? It’s true, and the average amount paid out for…