
HackerOne Blog

Read the HackerOne blog to learn strategies for strengthening your attack resistance with help from highly skilled ethical hackers. Improve your security profile and stay up to date on industry trends and emerging threats.

August 5th, 2022

H1-702 Las Vegas Day 3: Switching Up Scopes


It is a new day with new challenges. Scope has shifted for the next part of our LHE. Today, you can feel the focus. These hackers have been heads...

Vulnerability Management

HackerOne’s In-Depth Approach to Vulnerability Triage and Validation

Like triaging in a hospital emergency room, security issues must be diagnosed and handled by an expert as soon...
Application Security

DevSecOps vs DevOps: What is the Difference?

DevSecOps can dramatically reduce cyber risk for organizations—particularly those that rely on internal...

Application Security

The Most Overlooked Server Permission Checks

We previously looked at common server authentication issues we see in code review and offered tips to avoid...
Ethical Hacker, Vulnerability Management

How Bug Bounty Uncovered A 5-Year-Old Vulnerability In Hours

When PullRequest was acquired, these concerns became HackerOne’s challenges. When we finalized the acquisition...
Vulnerability Management

CISOs: Do You Know the Security Risks of Your Organization's Next M&A?

An ever-expanding attack surface is a global concern for most organizations and complicates an M&A, especially...

June 10th, 2022

The Top 5 Most Common Security Issues I Discover When Reviewing Code

NOTE: The following code examples have been contrived to provide detailed, illustrative representations of...
Vulnerability Management

How to Catch Injection Security Vulnerabilities in Code Review

Injection vulnerabilities result from insecure handling of user inputs. They are relatively simple to fix once...

Application Security

Severe Confluence Vulnerability is an Active Threat (CVE-2022-26134)

Background: The vulnerability allows unauthenticated remote code execution (RCE). Exploitation occurs by...