I use HackerOne for the bug bounty platform to find security issues. When we discover vulnerabilities, we receive awards for them. Before testing any new payment API for public release, we can have time-bound testing with expert-selected hackers. I have been part of that community to test different applications and identify vulnerabilities so that companies can get an overview before reaching the job market. HackerOne has impacted my work through testing other applications. Ethical hackers on the platform can test thoroughly from end to end, providing new features and insights that give companies and products a competitive edge. For example, Uber Technologies ran a production bug where user data could be accessed by changing the user ID in the API request, allowing receipts to be downloaded for any particular user. This bug was present in production and was not found by others. It prevents data leaks and regulatory fines that would occur if the bug reached the real world, while also protecting customer trust.
I am currently using Wiz, a scanning solution for cloud, to see if we are collecting reviews for any of these tools. My company has bought the license for Wiz, and we are using it as consumers. HackerOne is used for bug bounty management. Whenever outsiders report any public-facing vulnerabilities or faults in our public-facing websites or domains, we receive a notification, validate it, and award bounties accordingly. The ease of collaboration with ethical hackers on HackerOne has been quite good. From my experience, they respond when we do not have enough information on the findings. Since starting work with HackerOne six months ago, we had other previous tools as well. HackerOne has been the right fit for our current situation.
My main use case for HackerOne is mostly for submitting bugs. I get into the programs listed there, find one that is suitable for me, do my penetration testing on the systems, try to bypass some controls, and if I find a bug, I submit it on HackerOne. A specific example of a bug I found and submitted through HackerOne that stood out to me involves race conditions because they resonate with me as a unique type of bug. If you can submit simultaneous requests to a program or a system and it fails to queue those requests properly, you end up getting the same response for multiple requests, which I find incredible, so I tend to focus on race conditions. I use HackerOne as an individual, primarily as a side hustle. While I'm working for the organization, I do projects related to it, but in my free time, I get into HackerOne and try to hack other systems that are not related to my organization, helping other organizations enhance their security.
My use case is similar to DuckTron. The processes I use for DuckTron are exactly the same for HackerOne. Therefore, there isn't much of a difference. I use HackerOne for finding vulnerabilities and reporting them, then receiving rewards akin to a bug bounty program. Within my organization, HackerOne is used for vulnerability coordination through its user interface, which lists programs and websites for reporting vulnerabilities.
HackerOne is an industry leader in offensive security, enabling companies to identify and resolve vulnerabilities using AI and a global community of researchers. Trusted by top organizations, HackerOne enhances the software development lifecycle with comprehensive security testing. HackerOne combines artificial intelligence with a diverse community of skilled security researchers to fortify digital ecosystems. Offering bug bounty programs, vulnerability disclosure, pentesting, and AI red...
I have projects and companies reaching out to me to conduct security testing and find issues in their systems. I use HackerOne for that purpose.
I mainly use it for downtime activities, earning extra cash alongside a full-time job, and to get new sales and profits.
I use the tool for vulnerability assessment and testing.
I use the tool for hacking, practicing, and doing responsible vulnerability disclosure.