HackerOne
The HackerOne Blog
-
Why Retail and E-commerce Organizations Trust Security Researchers During the Holiday Shopping Season
Retail and e-commerce organizations are major targets this time of year, which is why proactive security testing is essential to preparing for a potential onslaught of malicious attacks. Why are...
-
Network and Information Systems Directive (NIS2) Compliance: What You Need to Know
This blog will break down the NIS2 Directive drawing information from the original directive briefing published by the European Parliament and explain how organizations can prepare for compliance,...
-
5 Insights Attendees Gained from the Security@ World Tour
If you weren’t lucky enough to catch us at a roadshow event, you’ll be delighted to know you can catch us again in 2025 with the next series! The 2024 Security@ world tour traveled to eight...
-
Breaking Down the OWASP Top 10: Injection
The injection classification is broad in scope and includes attack vectors such as: cross-site scripting (XSS), SQL injection (SQLi), carriage return/line feed injection (CRLF), server-side template...
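As an added example, not code from the HackerOne post, the following Python block shows two of the vectors listed above side by side with their hardened forms: a SQL query that concatenates attacker input beside a parameterized one, and a header writer that reflects raw input beside one that rejects CR/LF. The users table, the coupon of payloads and the header names are constructed for the example.

```python
"""Added example (not from the HackerOne post): the same attacker input
handled by an injection-prone path and by a hardened one, for two of the
vectors the post lists (SQL injection and CRLF header injection).
Standard library only; all data below is constructed for the demo."""
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data: an in-memory users table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def find_user_vulnerable(conn, name: str) -> list:
    # Attacker-controlled text is concatenated into the statement, so a
    # quote in the payload closes the literal and the rest is parsed as SQL.
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, name: str) -> list:
    # Parameter binding: the value travels separately from the statement
    # text, so the payload is only ever compared as a string.
    return [row[0] for row in conn.execute(
        "SELECT name FROM users WHERE name = ?", (name,))]


def render_headers(headers: dict) -> str:
    return "".join(f"{k}: {v}\r\n" for k, v in headers.items()) + "\r\n"


def set_header_vulnerable(headers: dict, name: str, value: str) -> str:
    # Reflecting a raw value lets "\r\n" inside it start a new header line
    # (or, with a blank line, a response body): CRLF injection.
    headers[name] = value
    return render_headers(headers)


def set_header_safe(headers: dict, name: str, value: str) -> str:
    # Reject any CR or LF rather than trying to sanitise around them; this
    # is the same rule Python's http.client applies to header values.
    if "\r" in value or "\n" in value:
        raise ValueError("CR/LF not allowed in header values")
    headers[name] = value
    return render_headers(headers)


SQLI_PAYLOAD = "' OR '1'='1"                          # constructed tautology payload
CRLF_PAYLOAD = "en\r\nSet-Cookie: session=attacker"   # constructed header payload


def demo() -> dict:
    """Run both payloads through both paths and return what each produced."""
    conn = make_db()
    results = {
        "sqli_vulnerable": find_user_vulnerable(conn, SQLI_PAYLOAD),  # every row leaks
        "sqli_safe": find_user_safe(conn, SQLI_PAYLOAD),              # no such user
        "crlf_vulnerable": set_header_vulnerable({}, "Content-Language", CRLF_PAYLOAD),
    }
    try:
        set_header_safe({}, "Content-Language", CRLF_PAYLOAD)
        results["crlf_safe_rejected"] = False
    except ValueError:
        results["crlf_safe_rejected"] = True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, repr(value))
```

The vulnerable SQL path returns all three users for a tautology payload while the bound query returns none; the vulnerable header path emits an attacker-controlled `Set-Cookie` line, while the safe path refuses the value outright.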
-
How Inadequate Authentication Logic Led to an MFA Bypass and Account Takeover
Many Facets, One Goal. A common trope in cybersecurity is "don't roll your own auth." There's a reason for this: implementing authentication is deceptively difficult. Many of the requirements for...
-
How HackerOne Employees Stay Connected and Have Fun
This year, we launched new initiatives designed to bring people together in fun and innovative ways, including playing online games, monthly global fitness challenges, and unique team-building...
-
How REI Strengthens Security with HackerOne’s Global Security Researcher Community
Q: Please introduce yourself. Tell us what you do at REI and why cybersecurity is important to REI. A: I'm Isaiah Grigsby, a senior application security engineer. I lead our vulnerability...
-
Flexible Data Retrieval at Scale with HAQL
What is HAQL? Back in 2022, we were faced with a challenge: we wanted to build useful, actionable dashboards for our customers, and we wanted to build them fast. We had the data, we had the...
-
AI in SecOps: How AI is Impacting Red and Blue Team Operations
Integrating AI into SOCs. The integration of AI into security operations centers (SOCs) and its impact on the workforce are pivotal aspects of successful AI adoption and trust building. According to...
-
HackerOne’s Fall Day of Service
Employees had the chance to connect over shared goals and values, fostering stronger relationships beyond the workplace. This event generated 13 projects around the U.S. and the Netherlands....
-
How HackerOne Disproved an MFA Bypass With a Spot Check
What Is a Spot Check? A Spot Check is a powerful tool for security teams to do a tightly focused and scoped human-powered assessment with security researchers. Available as part of HackerOne Bounty...
-
Unlocking Engagement with Employee Feedback
Since 2018, HackerOne has maintained an employee engagement survey participation rate of over 80%, with half of the surveys achieving 90% or more participation. The executive leaders read every...
-
How a Business Logic Vulnerability Led to Unlimited Discount Redemption
It sounds straightforward enough, but business logic vulnerabilities can result in an array of serious security issues, such as unauthorized access, bypassing rate limits, or in the case of a...
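The post's teaser does not describe the exact flaw, so as an added example (not the post's code) the block below shows one common way a redemption limit turns into unlimited redemption: the limit is checked in one query and consumed in another, so requests that all read before any of them writes each pass the check. Beside it is the same limit enforced as a single conditional update whose row count is the decision. The coupon row, the limit and the request interleaving are constructed for the example.

```python
"""Added example (not from the HackerOne post): a single-use discount code
whose limit is enforced check-then-act, beside one enforced atomically.
The coupon data and the interleaving of requests are constructed; the post
does not describe the specific logic flaw it found."""
import sqlite3


def make_store() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE coupons (code TEXT PRIMARY KEY, uses INTEGER, max_uses INTEGER)")
    # Constructed: one code, allowed to be redeemed exactly once.
    conn.execute("INSERT INTO coupons VALUES ('SAVE20', 0, 1)")
    return conn


def uses(conn, code: str) -> int:
    return conn.execute(
        "SELECT uses FROM coupons WHERE code = ?", (code,)).fetchone()[0]


# --- check-then-act: the limit is read in one statement and consumed in another
def check_naive(conn, code: str) -> bool:
    row = conn.execute(
        "SELECT uses, max_uses FROM coupons WHERE code = ?", (code,)).fetchone()
    return row is not None and row[0] < row[1]


def commit_naive(conn, code: str) -> None:
    conn.execute("UPDATE coupons SET uses = uses + 1 WHERE code = ?", (code,))


def race_naive(conn, code: str, requests: int) -> int:
    """Simulate `requests` concurrent redemptions that all run the check
    before any of them commits; returns how many discounts were granted."""
    passed = [check_naive(conn, code) for _ in range(requests)]
    granted = 0
    for ok in passed:
        if ok:
            commit_naive(conn, code)
            granted += 1
    return granted


# --- atomic: the limit is part of the write, and the row count is the answer
def redeem_atomic(conn, code: str) -> bool:
    cur = conn.execute(
        "UPDATE coupons SET uses = uses + 1 WHERE code = ? AND uses < max_uses",
        (code,))
    return cur.rowcount == 1


def race_atomic(conn, code: str, requests: int) -> int:
    """Same number of redemption attempts; only as many as the limit allows
    succeed, regardless of ordering, because the check cannot go stale."""
    return sum(1 for _ in range(requests) if redeem_atomic(conn, code))


if __name__ == "__main__":
    naive = make_store()
    print("check-then-act granted:", race_naive(naive, "SAVE20", 5),
          "uses now", uses(naive, "SAVE20"))
    atomic = make_store()
    print("atomic granted:", race_atomic(atomic, "SAVE20", 5),
          "uses now", uses(atomic, "SAVE20"))
```

With five interleaved attempts the check-then-act path grants all five against a limit of one; the conditional update grants exactly one and every later attempt sees `rowcount == 0`. The same pattern applies to per-user limits, stock counts and any other business rule that is checked separately from the write that consumes it.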
-
Who Should Own AI Risk at Your Organization?
In this blog, we’ll explore who is and should be accountable for AI risk within organizations and how to empower them to take this significant responsibility. AI Security Risks: What does “AI risk”...
-
Securing Our Elections Through Vulnerability Testing and Disclosure
Security researchers and election technology manufacturers at the Election Security Research Forum (ESRF). The Event: In preparation for the election season, HackerOne planned and executed a...
-
Measure, Compare, and Enhance Security Programs with HackerOne Benchmarks
Without clear comparisons and long-term visibility, it’s challenging to identify areas for improvement and make informed, data-driven decisions. That’s why we’re excited to introduce...
-
AWS Security Configuration Review and Best Practices
In fact, the Cloud Security Alliance’s Top Threats to Cloud Computing 2024 Report ranks the following concerns as the top three: misconfiguration and inadequate change control; identity and access...
-
OWASP Top 10: The Risk of Cryptographic Failures
What Is Cryptography? Cryptography is the practice and study of techniques for securing communication and information by transforming it into a format that is unreadable to unauthorized users. When...
-
Vulnerability Deep Dive: Gaining RCE Through ImageMagick With Frans Rosen
The file upload vulnerability type is as broad in scope as the number of different file types. These vulnerabilities are an ever-present security concern. While the underlying mechanics of how the...
-
How To Use HackerOne’s Global Vulnerability Policy Map
To help organizations keep up with the shifting landscape of VDP mandates and recommendations, HackerOne has developed the Global Vulnerability Policy Map, an interactive map-based tracker. Users...