The 2022 Attack Resistance Report

Nearly half of organizations lack confidence to close security gaps according to a new report.

Check out the report

Introducing Attack Resistance Management

Learn how to find and protect all your assets.

Discover how it works

Security@ 2022: Achieve Attack Resistance

Attend the 6th annual Security@ conference to learn exactly what you can do to protect your constantly evolving attack surface and stay ahead of emerging threats.

October 12-13, San Diego | October 13, London

Meet with HackerOne at Black Hat August 6-11

Find and close your attack resistance gap.

Meet with HackerOne

Solutions
Solutions
Solutions

Attack Resistance Management

Understand your attack surface, test proactively, and expand your team.

Vulnerability Management

Fortify your current program with comprehensive security testing.

Cloud Security

Protect your cloud environment against multiple threat vectors.

Application Security

Integrate continuous security testing into your SDLC.

Industries

Financial Services

Government

US Federal
Products
Products
Explore Products

Platform Overview

The security testing platform that never stops.

HackerOne Bounty

Uncover critical vulnerabilities that conventional tools miss.

HackerOne Assets

Attack surface management informed by hacker insights.

HackerOne Response

Reduce risk with a vulnerability disclosure program (VDP).

HackerOne Services

Mature your security readiness with our advisory and triage services.

HackerOne Insights

View program performance and vulnerability trends.

HackerOne Assessments

Assess, remediate, and secure your cloud, apps, products, and more.

HackerOne Pentests

Meet vendor and compliance requirements with a global community of skilled pentesters.
Partners
Partners
Partners

Partner Overview

Explore our technology, service, and solution partners, or join us.

Integrations

Integrate and enhance your dev, security, and IT tools.

AWS

Protect your cloud environment with AWS-certified security experts.
Company
Company
Company

About Us

We empower the world to build a safer internet.

Leadership

Meet the team building an inclusive space to innovate and share ideas.

Careers

Want to make the internet safer, too? Join us!

Trust

Earning trust through privacy, compliance, security, and transparency.

In the News

Press

Press Releases
Hackers
Hackers
For Hackers

Hackers

Hack, learn, earn. See what the HackerOne community is all about.

Hacker101

Free videos and CTFs that connect you to private bug bounties.

Hacktivity

Watch the latest hacker activity on HackerOne.

Directory

Find disclosure programs and report vulnerabilities.

Leaderboard

See the top hackers by reputation, geography, OWASP Top 10, and more.

h@cktivitycon

Join the virtual conference for the hacker community, by the community.
Resources
Resources
Resources

Resource Center

The latest news, insights, stories, blogs, and more.

Documentation

Explore our product features.

Meet our Successful Customers

Customers all over the world trust HackerOne to scale their security. See how they succeed.

Events

Join us for an upcoming event or watch a past event.

Security@ Conference

Knowledge Center

Attack Surface

Cloud Security

Cybersecurity Attacks

DevSecOps

Vulnerability Assessment

Penetration Testing

Blog Categories

Blog

Application Security

Company News

Ethical Hacker

Penetration Testing

Security Compliance

Vulnerability Management

Community

Application Security

Learn how to prevent vulnerabilities in your applications. We cover current practices in application security, cloud security, API testing, and more.

Category

Application Security

Penetration Testing

Security Compliance

Vulnerability Management

All

All

HackerOne Blog

Application Security, Vulnerability Management

MITRE Releases 2022 CWE Top 25

The popular CWE Top 25 list, which ranks the most dangerous software vulnerabilities, has been updated for 2022. The...

HackerOne Blog

Application Security, Vulnerability Management

MITRE Releases 2022 CWE Top 25 The popular CWE Top 25 list, which ranks the most dangerous software...

DevSecOps Pipeline

Application Security

DevSecOps builds on modern DevOps practices by incorporating security processes and automation into the...

Overlooked Server Permissions

Application Security

We previously looked at common server authentication issues we see in code review and offered tips to avoid...

DevOps DevSecOps

Application Security

DevSecOps can dramatically reduce cyber risk for organizations—particularly those that rely on internal...

What is Confluence CVE-2022-26134 and How Do I Fix It

Application Security

Background The vulnerability allows unauthenticated remote code execution (RCE). Exploitation occurs by...

pullrequest5ways

Application Security

Important reviewer traits for providing a great code review include prior knowledge and experience, expertise...

HackerOne announces PullRequest acquisition

Company News, Application Security

Security vulnerabilities are a significant workflow disruption when discovered near the end of development...

How Wix Uses HackerOne to Improve Their Cybersecurity Posture

Customer Stories, Application Security, Best Practices, Bounty, Vulnerability Management

Reducing risk is fundamental to Wix’s approach to cybersecurity, and as the threat landscape evolves, they...

Application Security

Vulnerability Management

Security Compliance

Penetration Testing