The only annual hacker-powered security conference, Security@ is going virtual!

Join cybersecurity execs from financial services and insurance organizations to discuss:

• Navigating evolving cybersecurity attack surfaces amidst change
• Hiring and resourcing for your team amidst budget constraints
• How organisations can turn hackers from a threat to an asset
• Lessons learned from the adoption of vulnerability disclosure and bug bounty programs in the FSI and Government sectors in Singapore

Submit your questions for this session.

This event is an exclusive roundtable for customers and prospects in the Retail & E-commerce sector. The format will be an open discussion led by a HackerOne representative and will introduce some top HackerOne customers to discuss their own experience.

Attendees will have the opportunity to ask their peers any questions they’ve ever had about working with hackers and gain insights to help with any challenges particular to retail & e-commerce organisations.

Key session takeaways for attendees:

• Real world examples of the challenges that have led our retail & e-commerce customers to develop hacker powered security programs
• An open discussion about how COVID-19 has impacted the security operations during a time of rapid digital transformation in the industry
• Insight into the process of launching and running a hacker powered security program
• A chance to ask questions of existing customers about their experience and challenges
• Practical advice on how to engage and secure buy-in from stakeholders for these programs
• Data insights from our retail & e-commerce customer dataset on overall trends, common vulnerabilities, and industry standards for bounty prices and time to resolution

Briefing Doc

Submit your questions for this session.

This event is an exclusive roundtable for customers and prospects in the business software sector. The format will be an open discussion led by a HackerOne representative and will introduce some top HackerOne customers to discuss their own experience.

Attendees will have the opportunity to ask their peers any questions they’ve ever had about working with hackers and gain insights to help with any challenges particular to business software organisations.

Key session takeaways for attendees:

• Real world examples of the challenges that have led our business software customers to develop hacker powered security programs
• Examples of how hacker powered security has helped these companies gain a competitive advantage when selling to the enterprise
• Insight into the process of launching and running a hacker powered security program
• A chance to ask questions of existing customers about their experience and challenges
• Practical advice on how to engage and secure buy-in from stakeholders for these programs
• Data insights from our customer dataset on overall trends, common vulnerabilities, and industry standards for bounty prices and time to resolution

Briefing Doc

Submit your questions for this session.

From testing to vulnerability report, to validation, to CVSS, to security team, to developer...now what? In this session LINE will trace the path of a bug from hacker to fix and feed it back into the SDLC, and all the communication that happened along the way.

Submit your questions for this session.

Cybersecurity is an industry built on a foundation of firewalls, black boxes, and a shield mentality. In many ways, it still is. Yet, innovation and agility breeds in a culture of openness and shared knowledge. How can leaders and security teams bridge security defense with industry collaboration?

This fireside chat will cover what it takes to create a wave of cultural openness, prioritizing security as a competitive differentiator, and the true business impact of cybersecurity.

Submit your questions for this session.

Shopify uses GraphQL for both their developer-facing and undocumented APIs. In their core application alone, there is a considerable amount of undocumented functionality available over GraphQL. They don't make this schema publicly available, and as a result, have noticed that bugs in new functionality can go unreported until that part of the API is being actively used in Shopify apps. This prompted the team to create a roadmap for researchers on how to effectively discover new functionality in Shopify APIs, and how they can get started testing it.

In this session, Jennifer will cover lessons learned from developing and releasing a guide related to testing Shopify’s APIs, including:

• Data from previous reports that prompted this idea
• Feedback from hackers and adjustments made
• Data related to the guide’s impact on the volume of GraphQL-related bugs, average severity, valid reports, and duplicates
• A look at the technical details of interesting bugs found in our APIs

Submit your questions for this session.