HackerOne

The HackerOne Blog

  • The Risk of AI Voice Cloning: Q&A With an AI Hacker

    Q: What Is AI Voice Cloning? A: AI is voice cloning technology that allows anyone to take a little bit of audio — it could be less than 30 seconds — and totally recreate the voice in that audio,...

  • Decoding the Characteristics of Modern Pentesting: Speed

    In evaluating the myriad of security testing methodologies available, we consider them against three pivotal metrics to ascertain their overall efficacy and alignment with organizational...

  • How an Improper Access Control Vulnerability Led to Account Theft in One Click

    HackerOne’s 7th Annual Hacker Powered Security Report states that improper access control is the second most common vulnerability reported in a bug bounty and number four reported in a pentest. It...

  • How to Use AI Prompting for Security Vulnerabilities

    What Is an AI Prompt? A prompt is an instruction given to an LLM to retrieve desired information to have it perform a desired task. There are so many things that we can do with LLMs and so much...

  • Recap: Elite Pentesters Tell All in a Live Q&A

    The participants answered live as well as carefully curated questions from popular community platforms such as Quora, Reddit, and LinkedIn. Below is a quick look into the question...

  • How to Find Mistakes Earlier and Save Money With Code Security Audit

    As a result, it’s only natural that code gets shipped with security flaws. Thankfully, many organizations have solutions in place to catch security vulnerabilities after code is shipped, like...

  • How a Cross-Site Scripting Vulnerability Led to Account Takeover

    According to HackerOne’s 7th Annual Hacker Powered Security Report, XSS is the number one most common vulnerability for bug bounty and number two for pentesting. Combining the three most common...

  • HackerOne Partners With Semgrep to Combine Expert Code Review With Powerful Automation

    Shipping clean, secure code should be easier. HackerOne originally acquired PullRequest in 2022 to power developer-first security solutions that enable modern development. Semgrep and HackerOne...

  • How Coordinated Vulnerability Disclosure Can Boost Election Integrity and Public Perception

    1. This year, the first collaborative engagement dedicated to establishing trust and demonstrating progress through coordinated vulnerability disclosure occurred at the Election Security Research...

  • The Power of Connection: The Importance of Weekly All-Hands Meetings at HackerOne

    While remote work has its benefits, it also poses the challenge of keeping employees engaged and fostering cross-functional awareness. To tackle this issue, we maintained our weekly all-hands...

  • SEGA and SIX Group: The Value of VDP and Bug Bounty

    Why VDP and Bug Bounty? Mohamed Bensakrane was able to use VDP as a way to establish a point of contact with hackers, as well as proof of value that led to the establishment of a bug bounty...

  • Unlocking Trust in AI: The Ethical Hacker's Approach to AI Red Teaming

    Regulatory Landscape and Business Imperatives: Testing AI systems for alignment with security, safety, trustworthiness, and fairness is more than just a best practice — it is becoming a regulatory...

  • The 2023 Ambassador World Cup Final: Results, Impact, and Looking Ahead

    The Results Are In: And the winner is… Spain! First off, our sincerest congratulations to the Spanish team for taking home the title. It was no easy task to defeat the other top three teams —...

  • How to Use Your Bug Bounty Budget Efficiently

    Cost of a Breach: Before diving into the bug bounty data, it’s critical that teams understand the value of a bug bounty program in identifying vulnerabilities before they result in a breach....

  • Career Growth: Insights from Tiffany Jones, VP of Go to Market Operations and Strategy

    The HackerOne Women@ Employee Resource Group is a platform where women from all parts of the organization can share their career advice. Tiffany Jones, Vice President of Go to Market Operations...

  • Interpret the 2023 GigaOm PTaaS Radar Report with HackerOne

    The GigaOm report recognizes and validates the substantial advantages of PTaaS over traditional pentesting, especially for digital-forward organizations. It also provides a technical evaluation of...

  • How Do You Know Ethical Hackers Can Be Trusted?

    Some of the most common questions prospective customers have about working with hackers are “How do I know I can trust hackers?” and “How do I retain control of my environment?” HackerOne’s Clear...

  • 2024 Live Hacking Events

    Before we dive into invitations for 2024 and the new criteria and estimated number of hackers within each “bucket,” we remind all our researchers that, regardless of what criteria you qualify...

  • Maintaining the Intelligence Edge in Cybersecurity

    This $300 million not only reflects a decade of making the internet safer but also serves as a beacon to the brightest security minds worldwide. They form the world's largest assembly of ethical...

  • Hack My Career: Meet Kayla Underkoffler

    In a world where career transitions have become increasingly common, some stories stand out as inspiring. Today, we introduce a remarkable individual who has transitioned from one career to...
