HackerOne, the world’s most trusted hacker-powered security platform, today announced new product features for customers and hackers in conjunction with its annual Security@ conference. HackerOne has expanded its security intelligence services by creating a HackerOne Global Top 10 vulnerability rating table to complement OWASP’s Top 10. The HackerOne Top 10 is based on real-world vulnerabilities found by our global hacker community.
The new Intelligence features will also provide insight into exploited vulnerabilities with its CVE Exploitation Index. For hackers, HackerOne launched the first-ever hacker API in July and has now added bounty table ranges and a bounty calculator to increase transparency. Finally, there have been a number of updates to improve the security workflow for large global enterprises, including improved access management, control, and improved connectivity with external applications.
“Streamlining vulnerability management programs for customers of all sizes has been a key focus for HackerOne since we were founded,” said Rand Wacker, SVP of Product at HackerOne. “We want hackers to be able to prioritize bug hunting and our customers to gain sophisticated intelligence that, combined, will make a real difference to their security strategies. With these updates, we’re looking forward to seeing how customers use the valuable data provided by our hackers to inform overall security programs within their organizations.”
The Open Web Application Security Project (OWASP) Top 10 is broadly used as a guideline to understand where a security team should prioritize its vulnerability management efforts. The OWASP 2021 Top 10 introduced three new categories: Insecure Design, Software and Data Integrity Failures, and a group for Server-Side Request Forgery (SSRF) attacks. HackerOne not only contributed data, but its ongoing collaboration and partnership also influenced the content. The new HackerOne Global Top 10 goes a step further with more regular updates and providing industry specific data. HackerOne leverages its unique dataset to give customers even greater insight into the most impactful weaknesses from a hacker perspective, based on what is being discovered and rewarded for on the platform that would otherwise not have surfaced in the OWASP Top 10. The HackerOne Global Top 10 will also be incorporated into HackerOne Assessment scopes as a standard to go beyond a typical pentest check against the OWASP Top 10.
HackerOne’s CVE Exploitation Index takes intelligence a step further. Whereas a scanner only provides information based on a set algorithm or analyst’s estimates, this feature provides a view of which CVEs are most exploitable, based on real-world data from the HackerOne platform. The data represents which CVEs are being discovered most by hackers. Customers can use the index in conjunction with CISA’s list of the top 30 most exploited CVEs to patch the CVEs that put organizations most at risk.
These new vulnerability intelligence capabilities are expected to be available in the HackerOne platform by the end of this year.
Increasing efficiency in hacker workflows and payment transparency allows hackers to focus their time on finding vulnerabilities and integrating with existing customer development workflows.
The new bounty table ranges and bounty calculator provide a means for customers to set bounty ranges, bringing consistency to the way bounties are awarded. This creates more transparency for hackers, increasing trust between organizations and hackers, resulting in improved hacker motivation.
The Hacker API allows hackers to spend more time on finding vulnerabilities. The API automates a hacker’s workflow by giving them immediate access to program information, provides access to view all vulnerabilities and see report updates, and gives them a way to monitor their earnings and payouts for tax reporting.
HackerOne’s security workflows centralize access management, control, and connectivity to external applications in the HackerOne Platform. The new updates include:
- Organized Homepage Access – Gain a unified view and easy access to different program sections, such as the security page, settings, reports, and inbox prioritization to see the most important reports first.
- Centralized User Management – Add users to the organizational view of your HackerOne experience and centrally manage their access to multiple programs and reports.
- Enhanced Navigation – Access a report’s sidebar for the visibility to report and relay information while maintaining easy access to the metadata needed to support security actions. Enable for users the flexibility to interact with the HackerOne platform while untethered from workstations via mobile optimization.
- Improved Jira Integration – Obtain connectivity to any number of Jira instances allowing configurable support for different teams and projects, eliminating the need for manual workarounds.
HackerOne has strengthened cloud security this quarter by expanding capabilities for Amazon Web Services (AWS) customers and cloud security will be a key focus at this year’s Security@ conference.
To find out more about how these product updates will benefit your organization and how you can get started, join this year’s annual Security@ conference tomorrow for product sessions on supporting cloud migrations, how you can use data to strengthen your security response program, and using integrations to add value to existing systems. Register now https://www.hackerone.com/security-at