Blog | HackerOne

Solutions
- Initiatives
  - Business Initiatives
    What is your cybersecurity need?
  - Secure the Attack Surface
    Protect your evolving assets.
  - Secure Software Development
    Scale app security across the SDLC.
  - Digital Brand Trust
    Build your brand and protect your customers.
  - Ensure Compliance
    Meet compliance requirements and more.
  - Hidden Placeholder
    Hidden Placeholder
- Industries
Products
- Explore
  - Explore the Products
    Reshaping the way companies find and fix critical vulnerabilities before they can be exploited.
  - Security Assessments
    Test your organization's security preparedness with HackerOne Assessment.
    
    Pentest
    Establish a compliant vulnerability assessment process.
  - Response
    The first step in receiving and acting on vulnerabilities discovered by third-parties.
  - Bounty
    Continuous testing to secure applications that power organizations.
  - Clear + Gateway
    Highly vetted, specialized researchers with best-in-class VPN.
  - Services
    Enhance your hacker-powered security program with our Advisory and Triage Services.
Why HackerOne
- For Business
- For Hackers
Company
- About HackerOne
- In the News
  - Press
  - Press Archive
Resources
- Resources
- Events
  - Events
  - Security@ Conference
Contact Us

From The CEO

Time to Issue Your Own Cyber Executive Order

Time is not kind to the security of an organization. The longer you wait, the weaker you are. The more things drag out, the higher the risk of breach. Delays in responding to threats, incidents, and compromises mean exponential cost increases.

Browse by Category

Recent Posts

What is Penetration Testing? How Does It Work Step-by-Step?

Penetration testing, aka pen testing or ethical hacking, attempts to attempt to breach a system's security for the purpose of vulnerability identification. Testing is done in an authorized and structured manner to report and rectify so that weaknesses can be reported and rectified.

June 14, 2021 HackerOne

60 days of insights from the DoD’s Defense Industrial Base Vulnerability Disclosure Program Pilot

It's been 60 days since the DoD's Defense Industrial Base Vulnerability Disclosure Program (DIB-VDP) pilot launched. In this blog, DC3 and HackerOne sit down to talk about the pilot’s early successes, learnings to date, and their goals for the future.

June 11, 2021 HackerOne

Announcing Hack the Army 3.0 Results: A Conversation with Defense Digital Service, U.S. Army, and Hack the Army 3.0’s Top Hacker

HackerOne sat down with DDS and Army program leaders and one of the security researchers who hacked the Army. We discussed why Hack the matters, the results that were uncovered in Hack the Army 3.0, and their plans for the future of cybersecurity within the DoD and the U.S. Military. Read on to see what they had to say.

June 10, 2021 HackerOne

Build a Resilient Security Posture with Vulnerability Intelligence and Cybersecurity Ratings

Reducing risk is the fundamental reason organizations invest in cybersecurity. As the threat landscape grows and evolves, organizations need a proactive approach to building and protecting their security posture.

June 7, 2021 HackerOne

Hack Hard. Have Fun. Increase Security

In March, Amazon sponsored HackerOne’s 10-day, virtual hacking event, which attracted more than 50 security researchers to identify potential vulnerabilities across Amazon’s core assets. Read on for highlights from the event.

June 4, 2021 HackerOne

Microsoft Says: Russian SolarWinds Hackers Hit U.S. Government Agencies Again

Microsoft says the state-backed Russian hacker group Nobelium—the same actor behind the 2020 SolarWinds attacks—took control of the State Department’s United States Agency for International Development email system. This bold attack, expected to be ongoing, breached federal government supplier systems sending out official-looking emails to over 3,000 accounts across more than 150 organizations.

June 2, 2021 HackerOne

How Digital Transformation Changes An Organization's Security Challenges

Last week, HackerOne joined WhiteSource, AWS, and IGT for a roundtable discussion about the new security challenges of digital transformation. The panel discussed cloud security, software supply chain security, and vulnerability disclosure programs as examples of proactive approaches organizations can take to mitigate their risk.

June 3, 2021 HackerOne

Spotlight on the Server-Side

Server-side request forgery (or SSRF) vulnerabilities are particularly dangerous because they can lead to total system compromise. Discover where they’re most common, explore real-world examples, and learn prevention tips from hackers.

May 25, 2021 HackerOne

Time to Issue Your Own Cyber Executive Order

Last week’s U.S. Presidential Executive Order underscores the critical status of #cybersecurity in the U.S. Today, HackerOne CEO Marten Mickos shares his perspective on how private sector CEOs should take action and make security a collective internal priority for organizations.

May 24, 2021 Mårten Mickos

Celebrating todayisnew with the 100K CTF, AMA, and Giveaway

Todayisnew is currently at the top of our global leaderboard with 100,000+ reputation points, and we’re celebrating this record-breaking milestone with an AMA, CTF, and giveaway! Read on to find out more.

May 21, 2021 HackerOne