Introducing HackerOne Assets

A Security Survey on How to Close Your Organization's Attack Resistance Gap


https://www.hackerone.com/vulnerability-...e-assets-0

Understanding Public and Private Bug Bounties and Vulnerability Disclosure Programs




https://www.hackerone.com/vulnerability-...disclosure

HackerOne Announces a New Customer Pentest Setup that's More Efficient and Speeds Ti




https://www.hackerone.com/assessments/ha...peeds-time

5 Ways I Provide Value as a PullRequest Reviewer When I Start Reviewing a New Project

Important reviewer traits for providing a great code review include prior knowledge and experience, expertise, background context, attention to detail, and written communication skills. As a reviewer on PullRequest, I need to quickly gain context when I’m reviewing a project for the first time. But as is the case for any engineer new to a team, some context is gained over time.


https://www.hackerone.com/application-se...ew-project

What Is a Security.txt File and How Can It Help Your Program?




https://www.hackerone.com/security-compl...ur-program

Ethical Hackers Help Beiersdorf Minimize Risk and Protect Their Attack Surface

After a year of running a private Vulnerability Disclosure Program (VDP), Beiersdorf is announcing the launch of its public VDP. HackerOne met with Kai Widua, Chief Information Security Officer (CISO) at Beiersdorf, to learn about the challenges they face in retail security. 


https://www.hackerone.com/customer-stori...ck-surface

How Critical Infrastructure Can be Protected from Threats

Accessing a major critical infrastructure network is very appealing to cybercriminals, as they can maximize societal impact and demand large ransom sums to fix tampered systems. With recent high-profile attacks, including that against the Colonial Pipeline in March 2021, it has become clear that the organizations handling critical infrastructure networks are now in the firing line. Critical infrastructure is vulnerable to both threat groups that are evolving their tactics and public scrutiny if they do not remain transparent when an attack occurs.


https://www.hackerone.com/vulnerability-...ed-threats

Severe Confluence Vulnerability is an Active Threat (CVE-2022-26134)




https://www.hackerone.com/application-se...2022-26134

How to Catch Injection Security Vulnerabilities in Code Review

Injection vulnerabilities result from insecure handling of user inputs. They are relatively simple to fix once the underlying issues that cause them are understood, and are frequently found by experienced reviewers who know what to look for. The prevalence of injection vulnerabilities today is one of the best arguments for continuing to perform code review in many organizations—this type of vulnerability is most frequently caught through human inspection of the offending code.


https://www.hackerone.com/vulnerability-...ode-review

The Top 5 Most Common Security Issues I Discover When Reviewing Code




https://www.hackerone.com/top-5-most-com...ewing-code