We are excited to announce the new features we've added to HackerOne over the last two months. These features are available to use right now and we hope you check them out.
1. Improved Triggers [Settings > Triggers]
Our triggers engine has now been updated with the ability to show an interstitial prior to report submission. When the trigger's criteria has been met, an interstitial appears to convey additional context to the hacker and confirm before the report is submitted. We hope you'll find this feature helps you avoid the submission of a number of out-of-scope or commonly reported false positives.
Here's a live example where ownCloud applied an interstitial trigger to communicate an intentional behavior in their infrastructure:
Interstitial trigger about ownCloud's SPF policy
2. Automated Scanner Detection
Automated vulnerability scanners are one of the more common sources of false positives on the platform. To help mitigate their impact, we've updated our report classification engine with detection for common outputs from these scanners that are frequently flagged as invalid by our customers. By allowing the hacker to double check the report before submission, and making the response team aware of its higher propensity to be invalid, we expect the overall quality of submissions to improve. We're continuing to invest heavily in our capabilities around report classification and expect this engine to get even smarter.
This feature is automatically enabled for all programs.
3. SAML [Settings > Authentication]
Improved Single Sign-On options with support for SAML is now available as well. Response teams using an SSO provider to authenticate (such as Okta, Ping Identity, OneLogin, Bitium, and Google Apps) can authentication to their HackerOne programs using those services for centralized authorization and identity management. More information can be found on our help center.
4. Suggest a Bounty [Set Award > Suggest Amount]
We often find that response teams have to meet to determine reward amounts. To assist in this process, we've built inline voting functionality to help teams more easily arrive at consensus. We believe this will also help you ensure more consistency with reward amounts.
Suggest a bounty and discuss with your team-mates
5. Report Abuse [In Report]
Disagreements or contentious discussions may occasionally arise in the course of investigating a report. We've often served as a mediator in these scenarios to assist both parties in arriving at a resolution. If any disagreements or discussions arise about which you'd like an independent opinion, you can now request mediation and our experts will provide guidance.
Request mediation or Ban a researcher from your program
6. Additional Integrations
We hope you'll find these new features and are looking forward to what's next! Any questions, feedback, or requests? We're always available at email@example.com.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.