-
HackerOne Announces a New Customer Pentest Setup that's More Efficient and Speeds Time to Launch
This improved experience reduces time to launch, which is vital when your organization is up against an urgent timeline to complete a pentest due to a recent acquisition, a security breach,...
-
Why HackerOne Acquired Pull Request and What It Means to Our Customers
Security vulnerabilities are a significant workflow disruption when discovered near the end of development. Vulnerabilities found after release are a bigger problem. Depending on the severity,...
-
Announcing the Results of the 12-month DIB-VDP Pilot
Learn more about the DoD DIB-VDP Pilot here.
-
How Wix Improves Their Security Posture with Ethical Hackers
Reducing risk is fundamental to Wix’s approach to cybersecurity, and as the threat landscape evolves, they turn to HackerOne Bounty to protect their security posture. Since 2018, Wix has invited...
-
Announcing the HackerOne 2022 Attack Resistance Report: A Security Survey—How to Close Your Organization's Attack Resistance Gap
Today, HackerOne published The 2022 Attack Resistance Report: A HackerOne Security Survey. Our research revealed an increasing gap—the attack resistance gap—between what organizations can defend...
-
How Ethical Hackers Help A.S. Watson Address Digital Risk
A.S. Watson Group knows this as well as anyone. As the world’s largest international health and beauty retailer, they are in charge of the security for a footprint that includes more than 16,400...
-
Preventing Compromised Password Reuse on HackerOne.com
This week, we rolled out an improvement to account security on the HackerOne website. We now block the use of any password known to have been compromised in major data breaches. This applies to...
-
Shifting Left with Ethical Hackers: A Q&A with GitLab
We sat down with James Ritchey, Application Security Team Manager at GitLab and a three-year member of HackerOne’s Technical Advisory Board. James talked about how GitLab is shifting left to bring...
-
Donating Bounties to Humanitarian Efforts in Ukraine
In 2020, we launched the Hack for Good program to allow ethical hackers to donate their bounties to charitable causes. With the world's eyes on the invasion of Ukraine, we are inviting hackers to...
-
Addressing the Security Gap in High Velocity Modern Application Development Cycles
In November and December 2021, ESG interviewed HackerOne customers from three companies. Discussions centered on how they are adapting their application security programs.
-
Securing Digital Transformation with Vulnerability Disclosure: A Q&A with John Deere CISO, James Johnson
John Deere’s CISO, James Johnson, and his team are committed to ensuring that the people who depend on John Deere for their livelihood rest easy knowing their information and products are secure....
-
Nine Months into the DIB-VDP Pilot, Nearly 1,000 Valid Vulnerabilities Have Been Identified
Maintaining the security of the digital assets within the Defense Industrial Base (DIB) contractor networks helps defend the United States of America. For the last nine months, Department of...
-
2022 Buyer’s Guide to Pentesting - How to Choose and Assess the Ideal Pentest Solution for Your Organization’s Needs
Pentests are a foundational requirement for any security program, and come in multiple forms. Our Hacker-Powered pentests can uncover critical findings that traditional pentests often miss. Learn abou
-
The HackerOne Global Top 10—Hacker Expertise, Industry Data, and Up-to-Date Vulnerabilities
Many security teams use the OWASP Top 10 as a guideline to understand where they should focus their security strategies and cyberattack prevention efforts. The OWASP Top 10 originated in 2003 and...
-
Log4Shell: Attack Evolution
For many security teams, the holiday season was spoiled by the challenging remediation of Log4Shell. The affected Log4j software is ubiquitous in web applications, making this one of the most...
-
Log4j Vulnerability Activity on the HackerOne Platform
December 17th Update: Vulnerabilities in Log4j have been evolving over the course of this week since the original disclosure of CVE-2021-44228, also known as Log4Shell. There is now a second...
-
55:33
De-Risk Your Supply Chain with Security Ratings & Vulnerability Detection
-
Common Vulnerability Scoring System [CVSS] | A Complete Explanation
What Is the Common Vulnerability Scoring System? CVSS is a free and open industry standard for assessing the severity of computer system security vulnerabilities. It produces a numerical score to...
-
Hacker-Powered Security Report: Industry Insights '21
-
How Hackers Help Organizations Face New Attack Vectors and Build Stronger Security Programs
The topics they explored included the success of their long-running bug bounty programs in discovering security vulnerabilities, how to explain program value to C-suite executives, and why...