The $30,000 Gem: Part 1
Opening your database to the world is a scary thought! But that’s exactly what we wanted to do by implementing a GraphQL endpoint. Feeling stuck…
Like many companies in Silicon Valley, we at HackerOne believe in using what we build. (This is sometimes referred to as eating your own dog…
Server-Side Request Forgery, SSRF for short, is a vulnerability class that describes the behavior of a server making a request that’s under the attacker’s control.…
We recently published The GitHub Bug Bounty Story and couldn’t be more excited to share it with you! TL;DR: Their lead security engineer summarizes the…
If triaging vulnerability reports was a martial art, Zach Dando would be sensei master. Zach runs the triage team at HackerOne and we recently sat…
Did you know 94% of the Forbes Global 2000 do not have known vulnerability disclosure policies? It’s true, and the average amount paid out for…
Swag means a lot to HackerOne (and to you, our hackers). It’s not just apparel and stickers. It’s a badge of honor. An invitation and…
This is the first in a six-part series expanding on the “key findings” of the Hacker-Powered Security Report 2017. Based on data gathered from over…
Any hackers out there ever hunt for bugs on your mobile phone while riding in a car? Well, now our thousands of hackers in Southeast…
One of the top IT research and advisory companies, 451 Research, recently authored a new “pathfinder report” advising decision-makers on the value of bug bounties…
Let the countdown begin – Las Vegas awaits patiently for that amazing week of 0-days, conferencing, revelry, and networking. Read on for a quick rundown…
With hacker-powered security, it’s critical to open and maintain a line of communication with the hackers who are working to find your vulnerabilities. It’s why…