Capital One Teams Up With Top-Tier Ethical Hackers at H1-305
Last month, Capital One and 52 highly skilled ethical hackers from around the world came together in Miami, FL, USA for Capital One’s second live hacking event (LHE) with HackerOne. With help from this amazing group of hackers, Capital One put its products through rigorous stress testing, with the end goal of reducing risk and increasing security for their end users.
“Capital One puts the security of our customers and our systems at the forefront of everything we do. Live Hacking Events are a key component of our robust security testing strategy and are a unique and dynamic way to engage with the ethical hacking community, allowing us to form close partnerships with each of the hackers. Across industry, these types of events are considered a gold standard to ensure companies are approaching risk from every potential angle, and we're grateful for the hackers' hard work and partnership to help us further bolster our defenses."
— Kathryn Torelli, Bug Bounty Lead, Capital One
H1-305: By the Numbers
The participants:
- 52 participating researchers
- 22 countries represented
- 144 Collaborations
The results:
- Over 1,300 hours of reported testing conducted
- 105 valid reports
- 49 unique reporters
- $750,000+ total awards
The Hackers
Capital One considers LHEs essential to maintaining an industry-leading program. Live hacking events allow the best and brightest security researchers to collaborate in person. Every security researcher who joined Capital One at H1-305 added value to the program.
One hacker, @archangel, took a different approach at H1-305. Typically, @archangel is heavily involved in collaboration during live hacking events, but he decided to take this one solo. His hard work and effort paid off, earning him not only first place but also the title of the event’s Most Valuable Hacker.
Congratulations to @archangel and the other winners of H1-305!
- First place: @archangel
- Second place: @rhynorater
- Third place: @avishai
- Exterminator (most critical/impactful vulnerability of the event): @stealthy
- Eliminator (best bug on a specific skill set): @fr4via
- Eradicator (best bug of the final event day): @CDL, @m0chan, @nagli
- Most Valuable Hacker (Community, Criticality, Consistency): @archangel
“One of the noteworthy lessons learned for all security teams from this live hacking event was the inclusion of software and engineering teams from Capital One. It was exciting and powerful to observe the benefits of the live collaboration between Capital One engineering teams and the hacker community. The ability for engineers and hackers to ask live questions of each other created unique opportunities for learning and working together.”
— Alex Rice, CTO, HackerOne
Activities
Alongside hours of exciting hacking, hackers and the Capital One team enjoyed the beautiful Miami weather, food, and arts scene. At the Wynwood Walls museum, featuring hundreds of artists from over 20 countries, hackers were able to test their own artistic abilities by spray painting during the interactive portion of the museum. With delicious food trucks and great weather, it was a fun opportunity for everyone to explore Miami!
Thank you to all the H1-305 participants for making this live hacking event an amazing success, and to Capital One for our continued partnership for a safe and secure internet. Learn more information about live hacking events with HackerOne.
The 8th Annual Hacker-Powered Security Report