- Hands-On Bug Hunting for Penetration Testers
- Joseph Marshall
- 2021-07-16 17:53:03
HackerOne
HackerOne (https://www.hackerone.com/) is a similar platform – it has its own point system (reputation) and also calculates a variety of metrics that it uses as the basis for its Leaderboard and for invitations to its own private programs.
Like Bugcrowd, it also has a bug bounty policy for itself – if you find a vulnerability in one of its sites or apps, you're entitled to a reward. Interestingly though, you might still be entitled to a reward even if you don't discover a bug. From their site:
"HackerOne is interested in your research on our systems, regardless of whether you found a security vulnerability. If you have found yourself looking at a particular feature on one of our assets but didn't find anything, please submit a report that describes all the different things you tried and failed. We may reward you for substantial research performed on assets under our bug bounty policy."
This is an unusual policy that still makes sense: providing a detailed list of everything that worked is its own audit of the company's resources, even if it doesn't cover any vulnerable areas.
HackerOne and Bugcrowd both have a similar breadth of different companies, with different products, business models, and security needs. HackerOne does have a few notable companies that are exclusive to its platform, most notably Twitter, but generally the offerings are very similar.