What’s a Vulnerability Disclosure Program & Do You Need One?
What Is a Vulnerability Disclosure Program? A VDP is a structured method for anyone to report vulnerabilities. VDPs should include a process for receiving a…
At HackerOne’s recent 2021 Security@ conference, we spoke to Mike Hanley, CSO at GitHub. As a company that prizes security while serving tens of millions…
Integrations are intended to make work and the flow of information smoother. In our case, the integrations expedite critical vulnerability information found by Detectify to…
Hey there, I hope you’ve been doing well! Conference Montage I have some amusing anecdotes from BSidesSF and RSA that I want to share, but…
Vladislav Maličević is the Chief Technology Officer at Jedox, a leading global provider of cloud-based enterprise performance management solutions for Financial Planning and Analysis. Jedox…
Each year we anticipate new research from James Kettle at the annual Black Hat USA event and he’s become known for his web cache research.…
What Is a Vulnerability Disclosure? During a vulnerability disclosure, individuals report security weaknesses in computer systems to the organization. Disclosures can be contentious; some organizations…
25 minutes. That’s how long it took to bring high severity security vulnerabilities to Detectify Asset Monitoring customers from the moment they were discovered. On…
Six months into the 12-month pilot with the Department of Defense’s Defense Industrial Base Vulnerability Disclosure Pilot (DOD DIB-VDP Pilot), HackerOne sat down with key…
Nginx is the web server powering one-third of all websites in the world. Detectify Crowdsource has detected some common Nginx misconfigurations that, if left unchecked,…
If you’ve heard of HackerOne, then you’ve heard about our Live Hacking Events. For years, we’ve been bringing together the brightest minds in security to…
Summary A reflected cross-site scripting vulnerability can be exploited without any authentication in affected versions of cPanel. The XSS vulnerability is exploitable regardless of whether…