How To: Server-Side Request Forgery (SSRF)

Server-Side Request Forgery, SSRF for short, is a vulnerability class that describes the behavior of a server making a request that’s under the attacker’s control. This post will go over the impact, how to test for it, the potential pivots, defeating mitigations, and caveats.




https://www.hackerone.com/application-se...rgery-ssrf

HackerOne-sie - More than just epic swag

This illustrious sweater and sweat pant combo has been elevated to elite swag status donned by a lucky few. Only the elite of the elite on our Hacker Advisory Board have been offered a HackerOne-sie. Until now...



https://www.hackerone.com/company-news/h...-epic-swag

Webinar Recap: Attorneys Chime in on Hacker-Powered Security

To learn more about how legal teams and federal enforcers view hacker-powered security, we asked Megan Brown, partner, and Matthew Gardner, attorney, from the Privacy & Cybersecurity Practice at Wiley Rein LLP, a Washington, DC-based firm to present at our webinar, Invitation to Hack: Vulnerability Disclosure Programs.


https://www.hackerone.com/ethical-hacker...d-security

Tor Project Launches Public Bug Bounty Program | Q&A with Tor Browser Team Lead, Geo

In January 2016, the Tor Project launched its first private bug bounty program on HackerOne. Today the Tor Project announced its public bug bounty program. We sat down with the Tor security team lead, Georg Koppen to learn more about the program, what it means for the industry, and how it fits into Tor’s security strategy. See the full Q&A below.


https://www.hackerone.com/application-se...lead-georg

Vulnerability Disclosure Policy Basics: 5 Critical Components

Vulnerabilities are found every day by security researchers, friendly hackers, customers, academics, journalists, and tech hobbyists. Because no system is entirely free of security issues, it's important to provide an obvious way for external parties to report vulnerabilities.


https://www.hackerone.com/vulnerability-...components

Shopify Shares How Hackers Help to Secure $40B+ in Transactions

Dark Reading’s Kelly Sheridan recently sat down with Andrew for a Q&A talking about Ecommerce security and their bug bounty program hosted on HackerOne.


https://www.hackerone.com/ethical-hacker...ansactions

Introducing Security@ San Francisco!

Next week we’re kicking off our first conference by and for the hacker-powered security industry. On Tuesday, October 24, 2017, Security@ San Francisco will gather more than 200 security leaders, hackers and industry experts for groundbreaking keynotes, presentations and networking with peers and industry leaders who are paving the way to a safer internet.



https://www.hackerone.com/company-news/i...-francisco

Your TL;DR Summary of The CERT Guide to Coordinated Vulnerability Disclosure

The CERT Coordination Center at Carnegie Mellon University’s Software Engineering Institute (SEI) recently released The CERT Guide to Coordinated Vulnerability Disclosure. It is an amazingly detailed, clever, and complete guide to explaining the need for coordinated vulnerability disclosure (CVD). We've done our best to give you the cliff notes and even included some additional helpful resources at the end.



https://www.hackerone.com/vulnerability-...disclosure

Double your signal, double your fun

Human-Augmented Signal improves the signal of programs as reports flagged with a high noise probability are reviewed by HackerOne security analysts. After our system utilizes various criteria to automatically classify all incoming reports, reports with potential noise are forwarded to HackerOne security analysts for review.




https://www.hackerone.com/company-news/d...e-your-fun

Hacker101: Free class for web security. Let’s break some stuff

Hacker101 is a free class for web security. Whether you're a programmer with an interest in bug bounties or a seasoned security professional, Hacker101 has something to teach you.


https://www.hackerone.com/ethical-hacker...some-stuff