Resources - Videos, White Papers, etc.

Report

Hacker-Powered Security Report 2019

Get your copy of The 2019 Hacker-Powered Security Report

Download

All Resources

Case Studies

Guides

Reports

Webinars

Videos

Infographics

Guide

The Beginners’ Guide to Bug Bounty Programs

Case Study

PayPal Resolves 300 Vulnerabilities in First Year on HackerOne

Case Study

Upserve Resolves Over 85 Bugs in Two Years

During that time, Upserve’s security team has resolved over 85 valid vulnerabilities thanks to hackers, paying $68,000 in bounties along the way.

Video

Meet HackerOne: The New Way of Doing Security

Report

Hacker-Powered Security Report 2019

Get your copy of The 2019 Hacker-Powered Security Report

Webinar

Hacker-Powered Data - Security Weaknesses and Embracing Risk with HackerOne

Report

Why Leading Businesses are Turning to Crowdsourced Security for Web Apps

Cybercriminals are exploiting application vulnerabilities to carry out increasingly devastating attacks. But standard prerelease scanning and pentesting services fail to detect these key vulnerabilities.

Report

Global Security Threats Require Global Security Coverage

Case Study

European Union Open Source Bug Bounty Programme Customer Story

Case Study

Priceline Launches Public Bug Bounty Program: Q&A with Matt Southworth

Case Study

Program Insights from the PayPal Security Team

Case Study

Achieving SOC 2 Type II Compliance with Hacker-Powered Security—Grand Rounds Customer Story

Case Study

Inside the GitLab Public Bug Bounty Program

Case Study

Q&A with Brian Neely, CIO & CISO of AMERICAN SYSTEMS

Case Study

Fanduel’s Liam Somerville: Hackers Are an Extension of the Security Team

Report

Top 20 Public Bug Bounty Programs of All Time

Ever wonder who runs the biggest, fastest, and most lucrative bug bounty programs on the HackerOne platform? Now you can find out!

Webinar

Sonatype and HackerOne Team Up to Make Open Source Safer

Webinar

Meet PCI DSS Requirements for Assessing Vulnerabilities with Crowdsourced Security Testing

Webinar

Forrester Study on the Total Economic Impact of Crowdsourced Pen Tests

Join Forrester Analyst Amy DeMartine as she highlights trends in Application Security as well as Jonathan Lipsitz who will walk through the findings of the TEI Report

Guide

What Every Security Leader Needs to Know Handbook

Guide

Secure from the Start: The Complete Guide for Entrepreneurs

Report

Forrester Total Economic Impact™ Study: HackerOne

Better security, more satisfied customers, and better value

Webinar

Verizon Media on Reducing Risk with h1

Watch this on demand webinar and learn what the Paranoids at Verizon Media have learned about their attack surface through the HackerOne program

Webinar

To Bounty or Not to Bounty: Why Priceline Uses Hackers to Reduce Risk

Video

AWS and HackerOne: From Villains to Heroes: The Hacking Evolution

Case Study

How About You Uses Hacker-Powered Security

Webinar

Exploring the Top 15 Most Common Vulnerabilities with HackerOne, GitHub, and Threatpost

In this webinar, HackerOne co-founder Michiel Prins will cover the top 15 vulnerabilities types of the 100,000+ valid vulnerabilities reported across the HackerOne platform.

Webinar

Avoid the Breach with Effective Application Security Testing

Webinar

Webinar: Hackers Aren't Criminals

Learn how collaborating with ethical hackers minimizes cyber risk and the policies that promote a "neighborhood watch” driven approach to security.

Report

The 2019 Hacker Report

The 2019 Hacker Report brings the HackerOne community to life with statistics, interviews, insights, and more from over 300,000 individuals working to make the internet a safer place.

Webinar

Webinar Series: Meeting Compliance Needs While Managing Risk Effectively

Learn how you can work with your QSA and auditors to meet your compliance needs.

Guide

Improve ROI with Hacker-Powered Pen Tests

Every security-aware organization uses penetration tests to simulate attacks, close security gaps, and fulfill compliance requirements.

Webinar

Webinar Series: The Best, Crawl, Run Approach to Bug Bounties

Learn how you can implement hacker-powered security strategically with your security needs and maturity in mind.

Webinar

Webinar: Ethical Hacking Essentials

Learn how you can work with a community of ethical security researchers to discover critical vulnerabilities, have meaningful interactions, and improve your security posture. #TogetherWeHitHarder

Video

The Cyber Security Survival Guide for Startups

When running a startup, it is vital to know and identify the possible threats the cyber space holds in it. CEO at HackerOne Mårten Mickos, Jesse Kinser, the Director of Product Security at LifeOmic and Frans Rosén, Security Advisor at Detectify will let you in their mindset of operating a hack-free startup.

Guide

Next-Gen Application Security. Launch effective agile security for agile development.

Improve your application security by following these words of advice on how to incorporate bug bounties and crowdsourced pen tests into your DevOps pipeline

Guide

Crowdsourced Penetration Testing - What It Is and Best Practice Guide

Webinar

Accelerating Innovation Without Compromising Security or Quality - GitHub

Guide

MSPs Under Attack from Cybercriminals: 4 Steps to Take

Read this new ebook to learn 4 steps MSPs can take today in response to this government alert.

Guide

Vulnerability Disclosure Policy: What is it. Why you need one. How to get started.

Guide

The Beginners' Guide to Hacker-Powered Security

In this exhaustive guide, you’ll learn: How you can easily and quickly add hacker-powered security in a step-by-step process...

Webinar

Relying on Bug Bounty Programs in the Financial Services

Join financial services veteran, Jason Pubal, for this informative webinar on bug bounty implementation for financial services firms. Jason will review how in an agile and devops world, bug bounty programs help align information security with the new pace of product development and enhance a penetration testing program to be more focused and valuable.

Report

The HackerOne Community Difference: How to work with hackers

Get to know the HackerOne community of hackers and see details of the HackerOne platform and approach.

Guide

Hacker-Powered Security For Startups

Hacker-powered security checks off each of those boxes for growth-stage startups. It’s a cost-effective means for reducing risk and improving security, while also enabling engineering scalability and efficiency.

Guide

7 Common Security Pitfalls to Avoid When Migrating to the Cloud

No one migrates to the cloud to become less secure than before the migration. Read on to learn how to prevent such a security regression when migrating to the cloud.

Report

The Hacker-Powered Security Report - Financial Services & Insurance Edition

Vulnerability data and hacker-powered security adoption metrics for the financial services industry

Guide

Why You Need Vulnerability Disclosure Policy

VDPs protect companies and hackers. That’s why the U.S. Department of Justice, the European Commission, and the U.S. Food & Drug Administration recommend them.

Guide

Software Vulnerability Disclosure in Europe

Summary and Key Highlights of the European Parliament CEPS Task Force Report

Case Study

SumoLogic and Hacker-Powered Pen Tests for Security and Compliance

When customers trust you to store and manage their data in the cloud, and regulatory agencies are watching, you need more than just the traditional approach to security.

Case Study

Zomato Customer Story

Connecting eaters with restaurants is Zomato’s main business, so they took a hospitable approach to hackers, driving engagement and quality submissions vital to the security of Zomato’s customers and core business applications.

Webinar

The Hacker-Powered Security Report 2018 Key Findings Highlighted

Fireside Chat between Marten Mickos - HackerOne CEO and Luke Tucker, Director Content & Community, HackerOne

Case Study

WHY NEXTCLOUD PUTS HACKER-POWERED SECURITY FRONT AND CENTER

Read how Nextcloud uses HackerOne to expand their security efforts while maintaining a tight budget and keeping up with speedy competitors

Case Study

How Salesforce Uses Bug Bounties to Protect Their Customers' Data

Over the past 3 years, Salesforce has worked with HackerOne to accept thousands of bug reports and award bounties to more than 1,200 hackers. The results are nothing short of a resounding success.

Report

How HackerOne Secures Blockchain and Cryptocurrency

More than 40 of the top blockchain and cryptocurrency companies trust HackerOne and our community of white-hat hackers to strengthen their security and protect their users.

Webinar

Hacker-Powered Pen Tests : the modern alternative to traditional Pen Tests

Report

The Hacker-Powered Security Report 2018

The study on the hacker-powered security ecosystem

Guide

Vulnerability Disclosure Policy Basics for The Financial Services Industry: 5 Critical Components Every Policy Needs

Read the e-book to get all the details you need to implement a complete and compliant policy.

Infographic

HackerOne Challenge Customer Testimonials

HackerOne Challenge customers—from the U.S. Department of Defense and the U.S. Air Force, to GitHub to Airbnb—and 100’s more customers are embracing the hacker-powered approach to increase the value they receive from point-in-time security tests. Here’s what they had to say in their own words.

Video

Reina Staley: How and Why the US Department of Defense works with white hat hackers

Reina is with the Defense Digital Service, as part of the larger US Digital Service; those responsible for Hack the Pentagon.

Guide

Start with Security Best Practices Guide

What the Federal Trade Commission learned from more than 50 law enforcement actions related to data security

Guide

Get more from your pentest budget

Don’t just check the box on your annual pen test regimen but get useful results to improve your overall security.

Video

HackerOne Customer Story- Chris Nims - CISO Oath

Report

How the Automotive Industry is Working with Hackers to Improve Security

General Motors, Toyota, Auto-ISAC, and others are setting the cybersecurity pace for the entire automotive industry to follow.

Guide

Lessons from Equifax: When Every CISO’s Worst Case Scenario Becomes Your New Reality

What's it like testifying in front of congress after a massive breach?

Video

HackerOne CEO Marten Mickos on NBC: Would you hack the Department of Homeland Security?

HackerOne CEO Marten Mickos joins NBC anchor and reporter Scott McGrew, Gizmodo's Kate Conger, and Reuters' Heather Somerville to discuss bug bounties and the latest Hack the Department of Homeland Security Bill (HR 1281)

Case Study

How GM works with hackers to enhance their security

Read about GM’s success of working with HackerOne and the white hat hacker community

Guide

CISO's Guide to GDPR - Q&A with Thomas Fischer

CISO's look to Thomas for getting their GDPR questions answered. Read the full interview with Thomas as he addresses some key concerns on this hot topic

Case Study

Qualcomm Embraces Hacker-Powered Security

Qualcomm's Alex Gantman shares advice and best practices on working with security researchers and running a bug bounty program

Case Study

The Shopify Hacker-Powered Security Story

Shopify uses bug bounties to safeguard their merchants and turn the tables on vulnerabilities...and criminals.

Report

US Senate Subcomittee on Data Security and Bug Bounties

Read HackerOne Co-Founder and CTO Alex Rice’s summary of the hearing testimony, a full transcript of the hearing testimony of HackerOne CEO, Mårten Mickos, and also included are responses to follow up questions from U.S. Senator Jerry Moran of Kansas.

Webinar

The Data Protection Officer (DPO): Everything You Need to Know

Privacy expert and DPO consultant Debra Farber presents on the GDPR requirements for the Data Protection Officer

Guide

Hacker Vetting: Trusted Security Talent for the Enterprise

HackerOne provides several layers of control for selecting, inviting, and approving hackers based on their Reputation metrics, past program participation, specific skills, and more. Read how it works.

Case Study

Distributed Defense: How Government Agencies Deploy Hacker-Powered Security

Government agencies such as the US DoD, EU Commission, Singapore MINDEF and others, trust HackerOne to manage their hacker-powered security programs. Read their success stories.

Infographic

OWASP Top 10 Web Security Risks of 2017

Flashcards formatted for easy printing and sharing

Infographic

How Hackers Spend Their Bounties

In the past 5 years, our community of hackers has earned more than $24 million in bounties—and they’re on track to earn $100 million by the end of 2020. But we’ve often wondered: what are they doing with all of that money?

Guide

What percentage of your vulnerabilities have GDPR implications?

See data from HackerOne platform and interview with CISO of the year, Leo Niemela

Report

The 2018 Hacker Report

The largest survey ever conducted of the ethical hacking community. See statistics and growth metrics, insights into hacker motivations and mindset, and hacker stories.

Case Study

Yelp analyzes the first 100 days of their public bug bounty program

Read how Yelp transitioned from a private bug bounty program to a public bug bounty program and their learnings and statistics

Case Study

WordPress Security Team Lead on their public bug bounty program launch

More than 25% of websites are powered by WordPress. Learn about their security team's approach to bug bounties

Case Study

Why Riot Games pays hackers to break them

Read about the strategies Riot Games employs in their successful bug bounty program which has paid out over $1M to hackers. Teaser: respect the hackers!

Case Study

Mapbox's journey to a public bug bounty program

Read how the security team at Mapbox have grown from a simple vulnerability disclosure policy to a robust and competitive bug bounty program. Written by Alex Ulsh from Mapbox.

Case Study

Coinbase finds security and success with bug bounties

Coinbase is the most popular way to buy and sell cryptocurrencies. Read how they increased their bounties and secure their platform with HackerOne.

Case Study

Alien Vault streamlines their vulnerability disclosure with HackerOne Response

HackerOne Response is helping AlienVault manage incoming reports, triage them, and automatically create tickets on their internal ticketing system. Read how.

Guide

Train Your Employees to Think Like Hackers

Why thinking like a hacker is good for business

Guide

Shift security to the left for effective GDPR compliance... and better code

How you can protect your code, key GDPR articles you need to read, and your plan for when vulnerabilities are discovered by third parties

Guide

OWASP Top 10 2017 Flash Cards

A flash card reference guide to the 10 most critical web security risks of 2017

Guide

Breach Basics: Preparation for the Inevitable

Guidance on how to most effectively respond to a breach.

Guide

Traditional Pen Testing versus Hacker-Powered Pen Testing

See a side-by-side comparison chart of traditional pen tests and hacker-powered pen tests.

Webinar

Learn Coordinated Vulnerability Disclosure Basics From The Experts

HackerOne welcomes Allen D. Householder and Art Manion, co-authors of the 121 page CERT® Guide to Coordinated Vulnerability Disclosure, for an Ask Me Anything session around their research and thoughts on vulnerability disclosure.

Guide

Your TL;DR Summary of the CERT Guide to Coordinated Vulnerability Disclosure

We distilled the 121-page CERT Guide to Coordinated Vulnerability Disclosure into a handy cliff notes version for easy reference

Guide

Voices of Vulnerability Disclosure

16 quotes from business and government leaders on why you need a vulnerability disclosure policy in place today to avoid being Equifax tomorrow

Guide

GDPR Guide: 12 Steps to Take Now

Recommendations from The United Kingdom's Information Commissioner's Office (ICO) to Prepare for May 2018

Guide

Hacker-Powered Pen Tests and the Power of More

See how Hacker-Powered Pen Tests deliver 10x the results at a fraction of the cost of traditional penetration tests

Infographic

Where and How Bug Bounties Fit Into The SDLC

Infographic showing how bug bounties are an invaluable tool for a secure SDLC.

Report

Hacker-Powered Security Report 2017: Financial and Banking Edition

Our deep dive into vulnerabilities and programs for the financial services industry with new data and insights

Case Study

Defending the Federal Government from Cyber Attacks

The U.S. Department of Defense (DoD), in a first for the U.S. Federal Government, invited white hat hackers to find security flaws in systems run by the Pentagon, Air Force, and Army.

Webinar

Senior Red Team Expert -Mack Staples on Building World Class Bug Bounty Program

Webinar

AMA with Authors of The CERT Guide to Coordinated Vulnerability Disclosure

Infographic

9 Top Bug Bounty Programs

See some of the top companies running successful bug bounty programs on HackerOne.

Webinar

Webinar: Why Executives Underinvest in Security

Watch this webinar to learn how to get around misguided thinking that leads to executive under investment in cyber security, and secure the resources you need.

Report

Hacker-Powered Security Report 2017: Ecommerce and Retail Edition

Specifically focused on the ecommerce and retail industry, this report covers data and insights from 800+ bug bounty programs.

Webinar

451 Research Webinar: Bug Bounties and the Path to Secure Software

Scott Crawford, Research Director of Information Security at 451 Research, shares: Why having a Vulnerability Disclosure Policy is now “table stakes” and how bug bounties fit into the secure software development lifecycle

Guide

Vulnerability Disclosure Policy (VDP) Basics

Download Vulnerability Disclosure Policy (VDP) Basics -- A complete guide for crafting an effective Vulnerability Disclosure Policy.

Infographic

5 Critical Components of Every Vulnerability Disclosure Policy in Finance

A vulnerability disclosure policy (VDP) gives ethical hackers clear guidelines for reporting potentially unknown and harmful security vulnerabilities.

Video

Hack the Air Force 2.0 Live-Hacking Event brings together Airmen and Hackers

Video

Shopify's Andrew Dunbar on the Success of h1-415

Guide

7-Step Roadmap to Hacker-Powered Security Success by 451 Research

Get the TL;DR on 451 Research’s latest “pathfinder report” advising decision-makers on the value of bug bounties and the importance of a compliant vulnerability disclosure process.

Infographic

5 Hacker-Powered Trends You Need to Know About

For your quick reference, we’ve distilled the report to 5 key trends that show how white-hat hackers are shaping the world of security.

Report

Security Risk Assessment Report - Key Facts

All the data from the HackerOne Hacker-Powered Security Report 2017

Webinar

Advisory Webinar From Top Cyber Security Experts

Report

How Bug Hunters From Pictet Security Make Internet Safer

Pictet’s Security in a digital world issue twenty-one

Guide

451 Research Pathfinder Report: Bug Bounties and the Path to Secure Software

451 Research explores the role of bug bounties and vulnerability disclosure in the secure SDLC

Case Study

Case Study: The Zenefits Bug Bounty Story

How to ensure security of the sensitive financial data for over 10,000 small and medium businesses? Run a top-tier bug bounty program.

Webinar

Hear How GitLab innovates faster without sacrificing security or quality

GitLab’s Product Manager, Victor Wu, dives into how GitLab helps you ship secure code, the tools they use, and a few industry best practices they follow to protect data and secrets.