The HackerOne Blog
-
Degrees of Innovation: HackerOne’s Next Step in Inclusive Hiring
To reflect this, we're changing our hiring practices – we no longer require a bachelor's degree on most job descriptions. Instead, we're focusing on a skill-based hiring experience. Why are we...
-
HackerOne’s In-Depth Approach to Vulnerability Triage and Validation
Like triaging in a hospital emergency room, security issues must be diagnosed and handled by an expert as soon as they arrive. But it doesn’t stop there. Just as an ER needs good doctors, a triage...
-
Shift Left is Dead: A Post Mortem
The goal of shift left — to catch vulnerabilities early in the software development lifecycle (SDLC) — is sound and critically important. But, when it comes to results, the overwhelming majority...
-
NCSC Recognises The Work Of Ethical Hackers With An Appreciation Event
The NCSC’s VRS Journey. Since 2018, 844 hackers have submitted vulnerabilities to the NCSC’s VRS. The NCSC invited a selection of those hackers who have shown themselves to be exemplars of...
-
The White House Should Prioritize Cybersecurity in its Budget
Recommendations for the FY2025 President’s Budget. Although there has been a consistent increase in cybersecurity funding across civilian agencies, the government is far from finished when it comes...
-
Hai: The AI Assistant for Vulnerability Intelligence
This week, we have officially launched the beta version of our GenAI co-pilot, Hai. Hai introduces GenAI capabilities into the HackerOne Platform. With deep security knowledge and strong reasoning...
-
Snap's Safety Efforts With AI Red Teaming From HackerOne
Explaining The Difference Between Red Teaming For AI Safety and AI Security. AI red teaming for safety issues focuses on preventing AI systems from generating harmful content, such as providing...
-
The Risk of AI Voice Cloning: Q&A With an AI Hacker
Q: What Is AI Voice Cloning? A: AI is voice cloning technology that allows anyone to take a little bit of audio — it could be less than 30 seconds — and totally recreate the voice in that audio,...
-
Decoding the Characteristics of Modern Pentesting: Speed
In evaluating the myriad of security testing methodologies available, we consider them against three pivotal metrics to ascertain their overall efficacy and alignment with organizational...
-
How an Improper Access Control Vulnerability Led to Account Theft in One Click
HackerOne’s 7th Annual Hacker Powered Security Report states that improper access control is the second most common vulnerability reported in a bug bounty and number four reported in a pentest. It...
-
How to Use AI Prompting for Security Vulnerabilities
What Is an AI Prompt? A prompt is an instruction given to an LLM to retrieve desired information or have it perform a desired task. There are so many things that we can do with LLMs and so much...
-
Recap: Elite Pentesters Tell All in a Live Q&A
The participants answered live as well as carefully curated questions from popular community platforms such as Quora, Reddit, and LinkedIn. Below is a quick look into the question...
-
How to Find Mistakes Earlier and Save Money With Code Security Audit
As a result, it’s only natural that code gets shipped with security flaws. Thankfully, many organizations have solutions in place to catch security vulnerabilities after code is shipped, like...
-
How a Cross-Site Scripting Vulnerability Led to Account Takeover
According to HackerOne’s 7th Annual Hacker Powered Security Report, XSS is the number one most common vulnerability for bug bounty and number two for pentesting. Combining the three most common...
-
HackerOne Partners With Semgrep to Combine Expert Code Review With Powerful Automation
Shipping clean, secure code should be easier. HackerOne originally acquired PullRequest in 2022 to power developer-first security solutions that enable modern development. Semgrep and HackerOne...
-
How Coordinated Vulnerability Disclosure Can Boost Election Integrity and Public Perception
1. This year, the first collaborative engagement dedicated to establishing trust and demonstrating progress through coordinated vulnerability disclosure occurred at the Election Security Research...
-
The Power of Connection: The Importance of Weekly All-Hands Meetings at HackerOne
While remote work has its benefits, it also poses the challenge of keeping employees engaged and fostering cross-functional awareness. To tackle this issue, we maintained our weekly all-hands...
-
SEGA and SIX Group: The Value of VDP and Bug Bounty
Why VDP and Bug Bounty? Mohamed Bensakrane was able to use VDP as a way to establish a point of contact with hackers, as well as proof of value that led to the establishment of a bug bounty...
-
Unlocking Trust in AI: The Ethical Hacker's Approach to AI Red Teaming
Regulatory Landscape and Business Imperatives Testing AI systems for alignment with security, safety, trustworthiness, and fairness is more than just a best practice — it is becoming a regulatory...
-
The 2023 Ambassador World Cup Final: Results, Impact, and Looking Ahead
The Results Are In. And the winner is… Spain! First off, our sincerest congratulations to the Spanish team for taking home the title. It was no easy task to defeat the other top three teams —...