Skip to main content

Application Security

Learn how to prevent vulnerabilities in your applications. We cover current practices in application security, cloud security, API testing, and more.

Ian Carroll, Staff Security Engineer @ Robinhood
Customer Stories, Bounty, Application Security, Best Practices

Robinhood Goes Long on Bug Bounty: Q&A with Ian Carroll and @ashwarya

Seven years of bug bounty, 21-hour average time to bounty, 130 hackers thanked, and hackers on both sides of the program: Robinhood’s Ian Carroll...

Ian Carroll, Staff Security Engineer @ Robinhood
Customer Stories, Bounty, Application Security, Best Practices

Robinhood Goes Long on Bug Bounty: Q&A with Ian Carroll and @ashwarya

Seven years of bug bounty, 21-hour average time to bounty, 130 hackers thanked, and hackers on both sides of...

HackerOne Blog - Human security testers
Application Security

How Human Testers Improve Application Security

A suite of DevSecOps tools is available to automate reviews, audits, tests, and scans throughout the...
Application Security, Penetration Testing, Vulnerability Management

Introducing Unified HackerOne Scope Management with Burp Suite Support

This post will start with the basics of defining scope and how ethical hackers and testers use it in their...
HackerOne Blog
Application Security, Vulnerability Management

Security Highlights: New CWE Rankings, Software Supply Chains, and Side-Channel Attacks

MITRE Releases 2022 CWE Top 25 The popular CWE Top 25 list, which ranks the most dangerous software...
DevSecOps Pipeline
Application Security

5 Security Stages of the DevSecOps Pipeline

DevSecOps builds on modern DevOps practices by incorporating security processes and automation into the...

Overlooked Server Permissions
Application Security

The Most Overlooked Server Permission Checks

We previously looked at common server authentication issues we see in code review and offered tips to avoid...
DevOps DevSecOps
Application Security

DevSecOps vs DevOps: What is the Difference?

DevSecOps can dramatically reduce cyber risk for organizations—particularly those that rely on internal...

What is Confluence CVE-2022-26134 and How Do I Fix It
Application Security

Severe Confluence Vulnerability is an Active Threat (CVE-2022-26134)

Background The vulnerability allows unauthenticated remote code execution (RCE). Exploitation occurs by...