best practices

Recent Posts

One Month of Learnings from Flo Health’s Bug Bounty Program: A Q&A with CISO, Leo Cunningham

The world’s most popular women’s health app, Flo Health, is responsible for the sensitive health data of 40 million women. With that much PII under their purview, Flo Health’s CISO knew that enabling his security team with the most advanced security testing methods was of the utmost importance to brand trust and user loyalty.

HackerOne

Citrix’s Hacker-Powered Security Growth Plan: Q&A with Abhijith Chandrashekar

We recently sat down with Abhijith Chandrashekar, PSIRT Manager at Citrix, to discuss why Citrix continues to expand their bug bounty program and learn about their cloud security and scope expansion plans. Read on to see what he had to say.

HackerOne

60 days of insights from the DoD’s Defense Industrial Base Vulnerability Disclosure Program Pilot

It's been 60 days since the DoD's Defense Industrial Base Vulnerability Disclosure Program (DIB-VDP) pilot launched. In this blog, DC3 and HackerOne sit down to talk about the pilot’s early successes, learnings to date, and their goals for the future.

HackerOne

What To Do When You Don’t Know You’ve Been Compromised

On World Password Day, I’m not going to talk about passwords. At the end of last year, HackerOne ran an exclusive campaign with a select group of hackers in which we challenged them to look for information exposures for 11 customers. The data found by the hackers included everything from passwords and authentication tokens to sensitive documents. No matter how secure your passwords are, your data is out there in different clouds and across various third-party vendors — it's only a matter of time before a leak puts your brand at risk.

Michiel Prins

Saxo Bank Celebrates One Year of Bug Bounties: Q&A with CISO Mads Syska Hasling

One year after launching their private bug bounty program on HackerOne, we sat down with financial services provider Saxo Bank’s CISO, Mads Syska Hasling, to get his insights and learnings from 12 months with a bug bounty program. Read on to see how Saxo Bank thinks about digital security as a non-negotiable for their customers and partners, how bug bounty fits into the broader security program, and advice to other CISOs and stakeholders on leveraging hacker-powered security.

HackerOne

How HackerOne Helps the Vulnerability Management Process

HackerOne sees vulnerability management as a process combining software tools and security analyst actions to reduce risk. In many cases, successful vulnerability management requires a joint effort between security operations, who find vulnerabilities, and IT operations, who are responsible for fixing, or patching, them.

HackerOne

A Security Engineer and Hacker Share Their Experiences with Security Assessments

A few weeks ago, HackerOne and PortSwigger teamed up to shine a light on the innovative ways that customers and security analysts are scaling risk assessments. Read on for key learnings.

HackerOne

What Years of AWS Hacking Tells Us About Building Secure Apps

Years of AWS bug bounties have exposed SSRF vulnerabilities, misconfigurations, and dangling DNS records. What can we learn from these vulnerabilities about mitigating risk?

Jobert Abma

Quantifying Risk: How do you measure success in security?

When your job is all about avoiding costly incidents and mistakes, it’s hard to put a dollar value on your work. At HackerOne’s recent Security@ conference, Slack and Hyatt’s CISOs sat down for a chat about their challenges and the hacks they use to quantify risk.

HackerOne

Cybersecurity Vendor Consolidation: Securing More with Less

Discover how hacker-powered security solutions can help identify the gaps and consolidate point-solution tools into a single platform for easier management and measured ROI.

HackerOne