The HackerOne Blog

  • Why Retail and E-commerce Organizations Trust Security Researchers During the Holiday Shopping Season

    Retail and e-commerce organizations are major targets this time of year, which is why proactive security testing is essential to preparing for a potential onslaught of malicious attacks. Why are...
  • Network and Information Systems Directive (NIS2) Compliance: What You Need to Know

    This blog will break down the NIS2 Directive, drawing information from the original directive briefing published by the European Parliament, and explain how organizations can prepare for compliance,...
  • 5 Insights Attendees Gained from the Security@ World Tour

    If you weren’t lucky enough to catch us at a roadshow event, you’ll be delighted to know you can catch us again in 2025 with the next series! The 2024 Security@ world tour traveled to eight...
  • Breaking Down the OWASP Top 10: Injection

    The injection classification is broad in scope and includes attack vectors such as: cross-site scripting (XSS), SQL injection (SQLi), carriage return/line feed injection (CRLF), server-side template...
  • How Inadequate Authentication Logic Led to an MFA Bypass and Account Takeover

    Many Facets, One Goal. A common trope in cybersecurity is "don't roll your own auth." There's a reason for this: implementing authentication is deceptively difficult. Many of the requirements for...
  • How HackerOne Employees Stay Connected and Have Fun

    This year, we launched new initiatives designed to bring people together in fun and innovative ways, including playing online games, monthly global fitness challenges, and unique team-building...
  • How REI Strengthens Security with HackerOne’s Global Security Researcher Community

    Q: Please introduce yourself. Tell us what you do at REI and why cybersecurity is important to REI. A: I'm Isaiah Grigsby, a senior application security engineer. I lead our vulnerability...
  • Flexible Data Retrieval at Scale with HAQL

    What is HAQL? Back in 2022, we were faced with a challenge: we wanted to build useful, actionable dashboards for our customers, and we wanted to build them fast. We had the data, we had the...
  • AI in SecOps: How AI is Impacting Red and Blue Team Operations

    Integrating AI into SOCs. The integration of AI into security operations centers (SOCs) and its impact on the workforce are pivotal aspects of successful AI adoption and trust building. According to...
  • HackerOne’s Fall Day of Service

    Employees had the chance to connect over shared goals and values, fostering stronger relationships beyond the workplace. This event generated 13 projects around the U.S. and the Netherlands....
  • How HackerOne Disproved an MFA Bypass With a Spot Check

    What Is a Spot Check? A Spot Check is a powerful tool for security teams to do a tightly focused and scoped human-powered assessment with security researchers. Available as part of HackerOne Bounty...
  • Unlocking Engagement with Employee Feedback

    Since 2018, HackerOne has maintained an employee engagement survey participation rate of over 80%, with half of the surveys achieving 90% or more participation. The executive leaders read every...
  • How a Business Logic Vulnerability Led to Unlimited Discount Redemption

    It sounds straightforward enough, but business logic vulnerabilities can result in an array of serious security issues, such as unauthorized access, bypassing rate limits, or in the case of a...
  • Who Should Own AI Risk at Your Organization?

    In this blog, we’ll explore who is and should be accountable for AI risk within organizations and how to empower them to take this significant responsibility. AI Security Risks. What does “AI risk”...
  • Securing Our Elections Through Vulnerability Testing and Disclosure

    Security researchers and election technology manufacturers at the Election Security Research Forum (ESRF). The Event. In preparation for the election season, HackerOne planned and executed a...
  • Measure, Compare, and Enhance Security Programs with HackerOne Benchmarks

    Without clear comparisons and long-term visibility, it’s challenging to identify areas for improvement and make informed, data-driven decisions. That’s why we’re excited to introduce...
  • AWS Security Configuration Review and Best Practices

    In fact, the Cloud Security Alliance’s Top Threats to Cloud Computing 2024 Report ranks the following concerns as the top three: Misconfiguration and inadequate change control; Identity and Access...
  • OWASP Top 10: The Risk of Cryptographic Failures

    What Is Cryptography? Cryptography is the practice and study of techniques for securing communication and information by transforming it into a format that is unreadable to unauthorized users. When...
  • Vulnerability Deep Dive: Gaining RCE Through ImageMagick With Frans Rosen

    The file upload vulnerability type is as broad in scope as the number of different file types. These vulnerabilities are an ever-present security concern. While the underlying mechanics of how the...
  • How To Use HackerOne’s Global Vulnerability Policy Map

    To help organizations keep up with the shifting landscape of VDP mandates and recommendations, HackerOne has developed the Global Vulnerability Policy Map, an interactive map-based tracker. Users...