Breach Basics: Preparation for the Inevitable
Data breaches in information security have become an inescapable reality. A common inquiry we receive here at HackerOne is for guidance on how to most…
Category: Mix
The ICO’s 12-Step Guide to GDPR Compliance
When the European General Data Protection Regulation (GDPR) takes effect on May 25, 2018, every organization that collects information on European Union (EU) citizens will…
KPMG’s Cyber Security Expert Offers Advice for Bug Bounty Success
Before you propose a bug bounty program to your organization, you need a comprehensive plan. That’s just one of the many takeaways offered on a…
Why Riot Games Pays Hackers to Break Them
In the League of Legends world, your nexus is protected from outside threats by a strong team of diverse champions. It’s similar to how you…
SQL Injection in 1 min!
A lot could go wrong on the internet! A clever attacker can with ease gather all the intelligence he/she needs in order to conduct a…
AlienVault streamlines their vulnerability disclosure with HackerOne Response
Like many organizations, AlienVault had set up a vulnerability disclosure policy for any bugs found on their website. If someone found a vulnerability, all they…
The basics of Cross-site Scripting (XSS)
A lot can go wrong on the Internet and XSS is without a doubt one of the most common web security issues we see today. Without…
The European Commission’s First-Ever Bug Bounty Program
The European Commission has selected HackerOne as the platform for their first ever bug bounty program. This not only expands the number of government agencies…
The basics of Local File Inclusions
Local File Inclusion is quite simply the act of including files that are stored on the web server you are interacting with. LFI’s twin, Remote…
Hacking the U.S. Air Force (again) from a New York City subway station
New York City during the holidays. Magical. Bringing together hackers from around the world to legally hack the U.S. Air Force. Double the magic. On…
Malicious Data Mining @ HyperIsland
Johan Edholm and I (Fredrik Nordberg Almroth) had a talk a while back at HyperIsland, Stockholm (the 18’th of October) for the DDS13 group. The purpose of the talk…
Bug Bytes #201 – Path Traversal, Prompt Injection, and GitHub Actions
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps…