Application Security

Learn how to prevent vulnerabilities in your applications. We cover current practices in application security, cloud security, API testing, and more.

Ian Carroll, Staff Security Engineer @ Robinhood
Customer Stories, Bounty, Application Security, Best Practices

Robinhood Goes Long on Bug Bounty: Q&A with Ian Carroll and @ashwarya

Seven years of bug bounty, 21-hour average time to bounty, 130 hackers thanked, and hackers on both sides of the program: Robinhood’s Ian Carroll...

Alex Rice and Zane Lackey Discuss Modern Security for Practitioners
Application Security, Company Resources

Our co-founder and CTO, Alex Rice, was a recent guest on The Modern Security Series by Signal Sciences, along...

5 Hacker-Powered Trends You Need to Know About
Application Security, Data and Analysis, Hacker Powered Security Report

For your quick reference, we’ve distilled the Hacker-Powered Security Report to 5 key trends that show how...

Public Bug Bounty Program
Application Security, New Program Launch

Tor Project Launches Public Bug Bounty Program | Q&A with Tor Browser Team Lead, Georg Koppen

In January 2016, the Tor Project launched its first private bug bounty program on HackerOne. Today the Tor...

Hacker-Powered Security
Application Security, Best Practices

451 Research Defines 7-Step Roadmap for Hacker-Powered Security Success

One of the top IT research and advisory companies, 451 Research, recently authored a new “pathfinder report”...

Your Grab public bug bounty program is arriving now
Application Security, New Program Launch

Any hackers out there ever hunt for bugs on your mobile phone while riding in a car? Well, now our thousands...

GitHub Hacker-Powered Security
Application Security, Customer Stories, Bounty

GitHub Embraces Hacker-Powered Security To Protect 55 Million Projects

You’ve probably heard of GitHub, but you might not know they support more than 20 million people learning...

How To: Server-Side Request Forgery (SSRF)
Application Security

Server-Side Request Forgery, SSRF for short, is a vulnerability class that describes the behavior of a server...

It’s Phab-tastic! HackerOne integrates with Phabricator
Application Security, New Features

Like many companies in Silicon Valley, we at HackerOne believe in using what we build. (This is sometimes...