I 18 år har vi hjälpt företag
välja bättre programvara
HackerOne
Vad är HackerOne?
Utnyttja upplevelsen av hundratals säkerhetsresearchare som hjälper dig att identifiera sårbarheter i ditt digitala landskap. Oavsett om du behöver ett program för avslöjande om sårbarhet (vulnerability disclosure program, VDP) för efterlevnad eller helt enkelt vill minska risken för säkerhetsincidenter kan HackerOne hjälpa dig att etablera ett program för ansvarsfullt avslöjande som passar din organisations behov.
Vem använder HackerOne?
Levereras inte av leverantören
Är du inte helt övertygad om HackerOne?
Jämför med ett populärt alternativ
HackerOne
Andra bra alternativ till HackerOne
Recensioner av HackerOne
Best platform to start bug bounty journey
Kommentarer: It really nice if you have the knowledge you can earn good amt. of money via securing other companies
Fördelar:
They have a very good triaging system for the bugs reported. 99% of the time you will get an update on the status of the report within the time mentioned on the each program
Nackdelar:
While transferring the bounty their could be some difficulties during verification
Expensive and not fair to researchers, low ethics
Fördelar:
They're in a leading position, which means the top researchers want to work with them
Nackdelar:
1) the only people you'll get to talk to as a client are sales people, with no knowledge of security or tech. 2) I don't like the way they collaborate with researchers: in their first level of the program, you pay a huge amount of money to the company, but it doesn't get distributed to the researchers at all. Their argument is that researchers go into this program to gain ranking points, until they have enough points to reach the next level and gain access to programs where they'll be paid for their reports. It's like working as an unpaid intern for years, just for the glory, until you maybe get access to a paid job. I think it's totally unfair to hackers who work really hard to find meaningful vulnerabilities. They have to do it as a graduation step, because HackerOne is in a leading position and will twist their arms
Hackerone Bug Bounty Platform
Kommentarer: Not that good. Nothing offered not even badges for duplicate valid bugs. Thus I go for private programs that directly work on the reports.
Fördelar:
- Easy to use and submit a report. - Quick validation for critical and severe vulnerabilities. - Public disclosure is offered by very less platforms so its one of the big pros.
Nackdelar:
- My report was validated and bug was triaged and in a few days the bug was patched. But the report was assigned to a new member and he stated that it was triaged by a mistake. The injection was although minor but was valid so I think there should be some good validation process around it.
HackerOne is good from my perspective
Fördelar:
HackerOne is one of the old platforms in cybersecurity that provides a place for bug hunters to report bugs to programs. Also, HackerOne comes with so many features like API tokens that we can use from our terminal to gather the program's scope or to report vulnerabilities. One of the best features that I like about HackerOne as Bughunter is the Hacktivity section of HackerOne that timely disclosed reports which are very useful for building skills.
Nackdelar:
As a user of HackerOne for the last 2 years, I don't find any issues or problems in HackerOne. Although sometimes, I feel like the response time of some programs is not so good. And, I know in the coming updates HackerOne will fix this issue by contacting them. Another wise, HackerOne is a great platform for Bughunters.
Discover security vulnerabilities in your software in a way you can control
Kommentarer: HackerOne informed my team of a number of security vulnerabilities in our application which we were able to fix quickly and discreetly.
Fördelar:
Discovering vulnerabilities in your software is as important as it is sensitive. You need to discover them as quickly as possible, but don't necessarily want to advertise them to the public (even though all software inevitably has vulnerabilities). The thing I like most about HackerOne is the control it gives you over how your software is tested and how vulnerabilities get reported and addressed. Starting out, you may want to make testing private (invite-only) and invite a handful of testers to a testing environment. Later on, if you want to discover more and rarer vulnerabilities, you may decide to make testing public and allow HackerOne's large community of security researchers to search for issues.
Nackdelar:
I wish HackerOne's integrations (e.g. with Github) were self-service and more fully-featured. You can have HackerOne reports created as Github issues, for example, but in order to make that happen you have to contact HackerOne manually. I'd love a way to set this up myself, and for that integration to go both ways, e.g. for activity on the Github issue to appear in HackerOne. (Their Jira integration supports this.)
