CAPTCHA does not prevent cross-site request forgery (CSRF)
In our dialogues with customers, we often come across cross-site request forgery (CSRF) findings marked as False Positives due to having CAPTCHA implemented. There is a…
On November 6th, over 60 hackers descended on the City of Angels for the final HackerOne flagship live hacking event of 2019, h1-213. For the…
This guest blog post was authored by Brian Anglin, Application Security Engineer at GitHub and originally published on the GitHub company blog. Last month GitHub…
The community has come together in some amazing ways to support COVID-19 relief efforts from Marc Rogers’ CTI League, the US Digital Response group helping…
On Tuesday, January 9, Detectify’s security advisor Frans Rosén discovered and reported a security issue in TLS-SNI-01 validation in Let’s Encrypt. Exploiting the issue…
At a time when security must be managed remotely, HackerOne and Verizon Media called on the naturally remote and global community of skilled hackers and…
Discussions about the GDPR (General Data Protection Regulation) often touch upon security, a topic that few people know as well as ethical hackers. What can…
Seems like everyone, including me, is talking about how AI is going to take over everything. Cool, but what does that mean exactly? And how…
This blog post was contributed by Slack Staff Technical Program Manager Branden Jordan. Given the success of Slack’s previous promotion and their continued focus on…
We have released Detectify API v 2 to help you integrate Detectify with your own systems and make it your own. Our old API has…
I’m now a month into my role as Chief People Officer at HackerOne and know I made the right decision to be here. Of course,…
Never dismiss a small vulnerability because its impact on its own is negligible. Seemingly innocent vulnerabilities can be combined into something much more dangerous or,…