Sold by: HackerOne
Deployed on AWS
Vendor Insights
HackerOne is a global leader in offensive security solutions. Our HackerOne Platform combines AI with the ingenuity of the largest community of security researchers to find and fix security, privacy, and AI vulnerabilities across the software development lifecycle. The platform offers bug bounty, vulnerability disclosure, pentesting, AI red teaming, and code security. We are trusted by industry leaders like Amazon, Anthropic, Crypto.com, General Motors, GitHub, Goldman Sachs, Uber, and the U.S. Department of Defense. HackerOne was named a Best Workplace for Innovators by Fast Company in 2023 and a Most Loved Workplace for Young Professionals in 2024.
4.5
Overview
HackerOne is a global leader in offensive security solutions. Our HackerOne Platform combines AI with the ingenuity of the largest community of security researchers to find and fix security, privacy, and AI vulnerabilities across the software development lifecycle. The platform offers bug bounty, vulnerability disclosure, pentesting, AI red teaming, and code security.
For custom pricing, EULA, or a private contract, please contact AWS-Marketplace@hackerone.com , for a private offer.
HackerOne Response -Receive expert guidance on VDP policy creation and launch, using best practices from hundreds of programs -Tailor setup and implementation to meet your business needs and industry regulations -Gain a unified view of report trends to refine security measures and strengthen your overall security
HackerOne Pentest -Get started quickly with streamlined scoping tailored to your needs Integrate directly into your SDLC for continuous, real-time collaboration -Gain clear, actionable insights with fully transparent delivery -Accelerate issue resolution with rapid, effective remediation -Simplify retesting and ensure consistency with easy repeat engagement
HackerOne Bounty -24/7 coverage of your growing attack surface -Catch exploits that automated tools miss -Hone in on specific areas of concerns as needed -Attract new talent with time-bound incentives -Scale the reach of your security team
HackerOne AI Red Teaming -Engage in offensive testing with complete control over scope, timeframe, and required skills -Integrate vulnerability reports directly into security and DevOps workflows -Get expert guidance on threat modeling, policy creation, and mitigation before and after testing
HackerOne Challenge -Deploy targeted testing quickly, aligning with immediate security needs without long-term commitments. -Integrate vulnerability findings directly into your security and DevSecOps workflows for efficient remediation. -Receive expert guidance on every step, ensuring comprehensive support before and after testing.
Streamlined integrations and automation: HackerOne offers robust APIs and built-in integrations and automation, simplifying vulnerability management and streamlining workflows.
Together, these integrated solutions provide indispensable capabilities for organizations. They ensure that vulnerabilities are continuously identified, prioritized, and remediated, providing unmatched protection from code to the cloud.
Learn more about each one of our offerings designed to address specific security challenges with our Defense-in-Depth strategy at https://www.hackerone.com/product/overview
Highlights
- Maintain continuous vigilance for your expanding digital attack surface, including applications, cloud assets, APIs, IoT, and the software supply chain. Quickly meet compliance and regulatory standards to ensure your product launches stay on track. Measure threats, examine the landscape, and demonstrate value to stakeholders, customers, and partners.
- Flag elusive vulnerability classes that only human ingenuity and precision can uncover and avoid the false positives that come from automated scanners. Access security skills that align with your technology stack and free up internal resources to focus on more strategic initiatives. Direct communication with researchers: The platform facilitates real-time communication between organizations and security researchers, enabling remediation suggestions and quick vulnerability resolution.
- Hai - AI copilot provides a deeper and more immediate understanding of your security program so you can make decisions and deliver fixes faster. Effortlessly translate natural language into precise queries, enrich vulnerability reports with relevant context, and use platform data to generate insightful recommendations. Integrate Hai's features into your current processes and tools with custom vulnerability scanner templates, API integrations, and dynamic automation.
Details
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
Security credentials achieved
(2)
ISO27001
FedRAMP
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor, and additional usage. You pay upfront or in installments according to your contract terms with the vendor. This entitles you to a specified quantity of use for the contract duration. Usage-based pricing is in effect for overages or additional usage not covered in the contract. These charges are applied on top of the contract price. If you choose not to renew or replace your contract before the contract end date, access to your entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
HackerOne Platform | Proven human-powered security testing, enhanced by AI | $500,000.00 |
Dimension | Cost/unit |
|---|---|
Rewards overage fee | $0.01 |
Vendor refund policy
There are no refund options available.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
To ensure that you receive timely assistance, it's important to be aware of our Support & Mediation team's business hours. This documentation details when our Support Team is available, how to reach them, and additional resources for self-help outside of these hours.
Support Team Operating Hours Our dedicated Support team is available to assist you during the following hours:
Monday to Friday: Mediation (Customers)
8:00am - 5:00pm PT
Support
12:00am-4:30pm PT
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By HackerOne
By NetSPI
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Vulnerability Detection and Management
Continuous identification of vulnerabilities across applications, cloud assets, APIs, IoT, and software supply chain with human-driven security research capabilities that detect vulnerability classes missed by automated scanners.
AI-Powered Security Analysis
AI copilot that translates natural language queries into precise security insights, enriches vulnerability reports with contextual information, and generates recommendations based on platform data.
Security Testing Services
Multiple offensive security testing capabilities including bug bounty programs, vulnerability disclosure, penetration testing, AI red teaming, and code security assessments integrated across the software development lifecycle.
API and Workflow Integration
Robust APIs and built-in integrations enabling direct integration of vulnerability reports into security and DevOps workflows, with custom vulnerability scanner templates and dynamic automation capabilities.
Real-Time Researcher Communication
Direct communication platform between organizations and security researchers enabling real-time collaboration on remediation suggestions and accelerated vulnerability resolution.
Penetration Testing Service
Penetration Testing as a Service (PTaaS) platform combining security professionals with AI and automation, delivering 50+ pentest types with streamlined workflows and accelerated remediation.
Attack Surface Management
Continuous visibility into internal and external attack surfaces with capabilities to discover unknown assets, identify exposure gaps, and prioritize remediation based on real-world risk contextualization.
Red Team and Adversary Simulation
Red team engagements simulating real-world adversaries to test people, processes, and technology, chaining vulnerabilities across identity, application, cloud, and infrastructure layers to demonstrate breach scenarios.
Specialized Security Assessment Teams
Dedicated teams specializing in application, cloud, infrastructure, identity, and mainframe security with proprietary testing frameworks and tooling for deeper technical validation.
AI-Accelerated Security Workflows
AI-accelerated platform experience enabling critical security workflows with reduced complexity, translating vulnerabilities into business and regulatory risk insights with real-time reporting and remediation guidance.
AI-Powered Researcher Sourcing
Platform uses data and AI to source and activate security researchers and pentesters across multiple dimensions for continuous vulnerability discovery.
Penetration Testing as a Service
Modern PTaaS suite enabling rapid pen test launches against any target within days with prioritized findings dashboard and DevSec workflow integration.
Automated Triage and Noise Reduction
Core triage competency that rapidly removes false positives and adds context for prioritization, handling critical vulnerabilities within a single day.
Vulnerability Disclosure Program Management
Managed VDP solution providing intake channels, validation, triage, researcher relations, SDLC integration, and reporting for public vulnerability submissions.
Security Knowledge Graph Analytics
Deep analytics engine built from millions of data points about vulnerabilities, assets, and hacker skill sets to drive insights, recommendations, and AI models.
Validated by AWS Marketplace
FedRAMP
GDPR
HIPAA
ISO/IEC 27001
PCI DSS
SOC 2 Type 2
-
-
-
-
No security profile
No security profile
Standard contract
No
No
No
Customer reviews
Information Technology and Services
Excellent CSM Support and an Ever-Improving Automation Platform
Reviewed on May 14, 2026
Review provided by G2
What do you like best about the product?
excellence service provided by your CSM and the ever improving platform such as HAI and automation are my favourite feature
What do you dislike about the product?
High pricing and slow response from H1 triage team
What problems is the product solving and how is that benefiting you?
I’m a big fan of HAI, AI summary and intake agent. With the number of reports growing lately, these features have been a lifesaver. They let me quickly understand the core of each report and oversee the whole program without spending hours on manual reading.
Consumer Goods
Strong Bug Bounty Platform
Reviewed on May 13, 2026
Review provided by G2
What do you like best about the product?
The HackerOne platform provides a clear and structured channel for security researchers to report vulnerabilities, ensuring consistent quality, relevance, and prioritization of submissions. The built-in triage capabilities significantly reduce our internal validation effort, while the centralized communication platform enables reliable, streamlined interaction with researchers without the risk of losing reports due to email filtering issues.
What do you dislike about the product?
Although the triage process clearly adds value, response times can sometimes be slower than expected, which can cause delays in validation and in the subsequent handling of submissions.
What problems is the product solving and how is that benefiting you?
HackerOne increases our visibility within the security research community, making it easier for researchers to engage with us. It centralizes all vulnerability reports in a single platform, which helps streamline handling, reduce duplicate submissions, and minimize noise, allowing us to focus on relevant and high-quality findings.
Toufik A.
One of the best BB platform
Reviewed on May 11, 2026
Review provided by G2
What do you like best about the product?
I appreciate being connected with a relevant community, which enables us to identify serious and impactful vulnerabilities across our scope. The ticketing interface is quite user friendly, and I found the initial setup of the HackerOne Platform quite easy.
What do you dislike about the product?
I believe HackerOne should introduce an ACK status to acknowledge the initial review of a report.
What problems is the product solving and how is that benefiting you?
The HackerOne Platform enables me to engage with a community that helps identify serious and impactful vulnerabilities across our scope.
Automotive
Straightforward, Practical Vulnerability Management with Clear Visibility
Reviewed on May 11, 2026
Review provided by G2
What do you like best about the product?
I like how straightforward and practical it is. It makes it easy to work with hackers, keep track of vulnerabilities, and manage everything in one place without it feeling heavy or complicated. It also gives good visibility into what actually matters, which helps when you need to explain things to leadership or prioritize fixes.
What do you dislike about the product?
For busy programs, the number of notification emails that arrive every morning can be very confusing. It would be really helpful if these updates could be summarized so it’s clearer what’s happening at a glance. Right now, some emails include responses from the HackerOne team, while others are usually responses from our team, and it’s hard to quickly tell them apart. A simple summary would make it much easier to keep everything organized and easy to follow.
What problems is the product solving and how is that benefiting you?
It centralizes vulnerability reporting, triage, and remediation in one place, which makes the overall process much easier to manage. It reduces noise and helps us focus on the real, high-impact risks instead of getting distracted by low-value findings. It also provides clear ownership, tracking, and visibility into vulnerabilities, so nothing gets lost and progress is easy to follow. Communication with stakeholders is smoother, and collaboration with hackers feels more structured and productive. Overall, it enables faster and more consistent remediation across teams.
Mikhail Y.
Powerful Bug Bounty Platform with Room for Improvements
Reviewed on May 09, 2026
Review provided by G2
What do you like best about the product?
I love the quality of the researcher community on the HackerOne Platform. The reports we receive are usually well written and reproducible, which makes our job way easier. It really helps us scale our security testing by allowing external researchers to find issues like IDORs, SSRFs, and logic flaws, which is huge. The triage and payout flow save us a lot of time. Additionally, their team helped with the smooth setup by scoping the program and defining policy.
What do you dislike about the product?
The dashboard can feel a bit cluttered when you have a lot of reports, and reporting/analytics could be more flexible. Pricing also gets pretty steep as you scale. Custom dashboards and exports are a bit limited. We'd love to slice data by asset, severity, and time more freely, and pull cleaner CSV/API data for our own BI tools. Trend reports across programs would also help.
What problems is the product solving and how is that benefiting you?
I use HackerOne Platform to scale our security testing, engage external security researchers, and triage reports efficiently. It saves us time with structured payouts and tracking vulnerabilities.