Last week, HackerOne joined WhiteSource, AWS, and IGT for a roundtable discussion about the new security challenges of digital transformation. Both existing organizations making the digital shift and…
We have written about Content Security Policy (CSP) on Detectify Labs before. But maybe you’re wondering why should you have it on your site to…
Amazon’s Live Hacking Event with HackerOne At Amazon, ensuring security is essential for earning customers’ trust. As part of Amazon’s ongoing public Vulnerability Research Program (VRP),…
There are times where an attacker can hack a system and yet nothing is sent back, and this is classified as a blind vulnerability. This…
Reducing risk is the fundamental reason organizations invest in cybersecurity. The threat landscape grows and evolves, creating the need for a proactive, continual approach to…
This is a guest blog post from Detectify Crowdsource hacker, Gwendal Le Coguic. This is a tutorial on how to bypass Cloudflare WAF with the…
Five years after the Defense Digital Service (DDS) launched the first-ever U.S. federal government bug bounty Challenge, we’re pleased to announce the results of Hack…
Swedish west coast native Emelie Andersson moved to the other side of the country 6 years ago to pursue a career in software sales. Today…
In April of 2021, the Defense Industrial Base Vulnerability Disclosure Program (DIB-VDP) pilot kicked off a twelve-month program to invite security researchers to hunt for…
Good security starts with knowing your web assets. To enable transparency over your tech stack, we have released Asset Inventory, a new view that helps…
HackerOne recently hosted AWS and a panel of expert ethical hackers to discuss how Server-Side Request Forgery (SSRF) vulnerabilities and cloud misconfiguration are ripe environments for hackers to discover…
Pulse Secure and Fortinet have announced advisories detailing a critical vulnerability found that enables an unauthenticated user to conduct file disclosure in SSL VPN. Thanks…
