HackerOne

The HackerOne Blog

  • Degrees of Innovation: HackerOne’s Next Step in Inclusive Hiring

    Degrees of Innovation: HackerOne’s Next Step in Inclusive Hiring

    To reflect this, we're changing our hiring practices – we no longer require a bachelor's degree on most job descriptions. Instead, we're focusing on a skill-based hiring experience.Why are we...

    Read Article
  • Re-live the Security@ magic in our on-demand video library!

    Take me there!
  • HackerOne’s In-Depth Approach to Vulnerability Triage and Validation

    HackerOne’s In-Depth Approach to Vulnerability Triage and Validation

    Like triaging in a hospital emergency room, security issues must be diagnosed and handled by an expert as soon as they arrive. But it doesn’t stop there. Just as an ER needs good doctors, a triage...

    Read Article
  • Shift Left is Dead: A Post Mortem

    Shift Left is Dead: A Post Mortem

    The goal of shift left — to catch vulnerabilities early in the software development lifecycle (SDLC) — is sound and critically important. But, when it comes to results, the overwhelming majority...

    Read Article
  • NCSC Recognises The Work Of Ethical Hackers With An Appreciation Event

    NCSC Recognises The Work Of Ethical Hackers With An Appreciation Event

    The NCSC’s VRS JourneySince 2018, 844 hackers have submitted vulnerabilities to the NCSC’s VRS. The NCSC invited a selection of those hackers who have shown themselves to be exemplars of...

    Read Article
  • The White House Should Prioritize Cybersecurity in its Budget

    The White House Should Prioritize Cybersecurity in its Budget

    Recommendations for the FY2025 President’s BudgetAlthough there has been a consistent increase in cybersecurity funding across civilian agencies, the government is far from finished when it comes...

    Read Article
  • Hai: The AI Assistant for Vulnerability Intelligence

    Hai: The AI Assistant for Vulnerability Intelligence

    This week, we have officially launched the beta version of our GenAI co-pilot, Hai. Hai introduces GenAI capabilities into the HackerOne Platform. With deep security knowledge and strong reasoning...

    Read Article
  • Snap's Safety Efforts With AI Red Teaming From HackerOne

    Snap's Safety Efforts With AI Red Teaming From HackerOne

    Explaining The Difference Between Red Teaming For AI Safety and AI SecurityAI red teaming for safety issues focuses on preventing AI systems from generating harmful content, such as providing...

    Read Article
  • The Risk of AI Voice Cloning: Q&A With an AI Hacker

    The Risk of AI Voice Cloning: Q&A With an AI Hacker

    Q: What Is AI Voice Cloning?A: AI is voice cloning technology that allows anyone to take a little bit of audio — it could be less than 30 seconds — and totally recreate the voice in that audio,...

    Read Article
  • Decoding the Characteristics of Modern Pentesting: Speed

    Decoding the Characteristics of Modern Pentesting: Speed

    In evaluating the myriad of security testing methodologies available, we consider them against three pivotal metrics to ascertain their overall efficacy and alignment with organizational...

    Read Article
  • How an Improper Access Control Vulnerability Led to Account Theft in One Click

    How an Improper Access Control Vulnerability Led to Account Theft in One Click

    HackerOne’s 7th Annual Hacker Powered Security Report states that improper access control is the second most common vulnerability reported in a bug bounty and number four reported in a pentest. It...

    Read Article
  • How to Use AI Prompting for Security Vulnerabilities

    How to Use AI Prompting for Security Vulnerabilities

    What Is an AI Prompt?A prompt is an instruction given to an LLM to retrieve desired information to have it perform a desired task. There are so many things that we can do with LLMs and so much...

    Read Article
  • Recap: Elite Pentesters Tell All in a Live Q&A

    Recap: Elite Pentesters Tell All in a Live Q&A

    The participants answered live as well as carefully curated questions from popular community platforms such as Quora, Reddit, and LinkedIn. Below is a quick look into the question...

    Read Article
  • How to Find Mistakes Earlier and Save Money With Code Security Audit

    How to Find Mistakes Earlier and Save Money With Code Security Audit

    As a result, it’s only natural that code gets shipped with security flaws. Thankfully, many organizations have solutions in place to catch security vulnerabilities after code is shipped, like...

    Read Article
  • How a Cross-Site Scripting Vulnerability Led to Account Takeover

    How a Cross-Site Scripting Vulnerability Led to Account Takeover

    According to HackerOne’s 7th Annual Hacker Powered Security Report, XSS is the number one most common vulnerability for bug bounty and number two for pentesting. Combining the three most common...

    Read Article
  • HackerOne Partners With Semgrep to Combine Expert Code Review With Powerful Automation

    HackerOne Partners With Semgrep to Combine Expert Code Review With Powerful Automation

    Shipping clean, secure code should be easier. HackerOne originally acquired PullRequest in 2022 to power developer-first security solutions that enable modern development. Semgrep and HackerOne...

    Read Article
  • How Coordinated Vulnerability Disclosure Can Boost Election Integrity and Public Perception

    How Coordinated Vulnerability Disclosure Can Boost Election Integrity and Public Perception

    1. This year, The first collaborative engagement dedicated to establishing trust and demonstrating progress through coordinated vulnerability disclosure occurred at the Election Security Research...

    Read Article
  • The Power of Connection: The Importance of Weekly All-Hands Meetings at HackerOne

    The Power of Connection: The Importance of Weekly All-Hands Meetings at HackerOne

    While remote work has its benefits, it also poses the challenge of keeping employees engaged and fostering cross-functional awareness. To tackle this issue, we maintained our weekly all-hands...

    Read Article
  • SEGA and SIX Group: The Value of VDP and Bug Bounty

    SEGA and SIX Group: The Value of VDP and Bug Bounty

    Why VDP and Bug Bounty? Mohamed Bensakrane was able to use VDP as a way to establish a point of contact with hackers, as well as proof of value that led to the establishment of a bug bounty...

    Read Article
  • Unlocking Trust in AI: The Ethical Hacker's Approach to AI Red Teaming

    Unlocking Trust in AI: The Ethical Hacker's Approach to AI Red Teaming

    Regulatory Landscape and Business Imperatives Testing AI systems for alignment with security, safety, trustworthiness, and fairness is more than just a best practice — it is becoming a regulatory...

    Read Article
  • The 2023 Ambassador World Cup Final: Results, Impact, and Looking Ahead

    The 2023 Ambassador World Cup Final: Results, Impact, and Looking Ahead

    The Results Are In And the winner is…Spain! First off, our sincerest congratulations to the Spanish team for taking home the title. It was no easy task to defeat the other top three teams —...

    Read Article
  • loading
    Loading More...