Sold by: HackerOne
Deployed on AWS
Vendor Insights
HackerOne is a global leader in offensive security solutions. Our HackerOne Platform combines AI with the ingenuity of the largest community of security researchers to find and fix security, privacy, and AI vulnerabilities across the software development lifecycle. The platform offers bug bounty, vulnerability disclosure, pentesting, AI red teaming, and code security. We are trusted by industry leaders like Amazon, Anthropic, Crypto.com, General Motors, GitHub, Goldman Sachs, Uber, and the U.S. Department of Defense. HackerOne was named a Best Workplace for Innovators by Fast Company in 2023 and a Most Loved Workplace for Young Professionals in 2024.
Overview
HackerOne is a global leader in offensive security solutions. Our HackerOne Platform combines AI with the ingenuity of the largest community of security researchers to find and fix security, privacy, and AI vulnerabilities across the software development lifecycle. The platform offers bug bounty, vulnerability disclosure, pentesting, AI red teaming, and code security.
For custom pricing, EULA, or a private contract, please contact AWS-Marketplace@hackerone.com , for a private offer.
HackerOne Response -Receive expert guidance on VDP policy creation and launch, using best practices from hundreds of programs -Tailor setup and implementation to meet your business needs and industry regulations -Gain a unified view of report trends to refine security measures and strengthen your overall security
HackerOne Pentest -Get started quickly with streamlined scoping tailored to your needs Integrate directly into your SDLC for continuous, real-time collaboration -Gain clear, actionable insights with fully transparent delivery -Accelerate issue resolution with rapid, effective remediation -Simplify retesting and ensure consistency with easy repeat engagement
HackerOne Bounty -24/7 coverage of your growing attack surface -Catch exploits that automated tools miss -Hone in on specific areas of concerns as needed -Attract new talent with time-bound incentives -Scale the reach of your security team
HackerOne AI Red Teaming -Engage in offensive testing with complete control over scope, timeframe, and required skills -Integrate vulnerability reports directly into security and DevOps workflows -Get expert guidance on threat modeling, policy creation, and mitigation before and after testing
HackerOne Challenge -Deploy targeted testing quickly, aligning with immediate security needs without long-term commitments. -Integrate vulnerability findings directly into your security and DevSecOps workflows for efficient remediation. -Receive expert guidance on every step, ensuring comprehensive support before and after testing.
Streamlined integrations and automation: HackerOne offers robust APIs and built-in integrations and automation, simplifying vulnerability management and streamlining workflows.
Together, these integrated solutions provide indispensable capabilities for organizations. They ensure that vulnerabilities are continuously identified, prioritized, and remediated, providing unmatched protection from code to the cloud.
Learn more about each one of our offerings designed to address specific security challenges with our Defense-in-Depth strategy at https://www.hackerone.com/product/overview
Highlights
- Maintain continuous vigilance for your expanding digital attack surface, including applications, cloud assets, APIs, IoT, and the software supply chain. Quickly meet compliance and regulatory standards to ensure your product launches stay on track. Measure threats, examine the landscape, and demonstrate value to stakeholders, customers, and partners.
- Flag elusive vulnerability classes that only human ingenuity and precision can uncover and avoid the false positives that come from automated scanners. Access security skills that align with your technology stack and free up internal resources to focus on more strategic initiatives. Direct communication with researchers: The platform facilitates real-time communication between organizations and security researchers, enabling remediation suggestions and quick vulnerability resolution.
- Hai - AI copilot provides a deeper and more immediate understanding of your security program so you can make decisions and deliver fixes faster. Effortlessly translate natural language into precise queries, enrich vulnerability reports with relevant context, and use platform data to generate insightful recommendations. Integrate Hai's features into your current processes and tools with custom vulnerability scanner templates, API integrations, and dynamic automation.
Features and programs
Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
Security credentials achieved
(3)
SOC2
ISO27001
FedRAMP
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor, and additional usage. You pay upfront or in installments according to your contract terms with the vendor. This entitles you to a specified quantity of use for the contract duration. Usage-based pricing is in effect for overages or additional usage not covered in the contract. These charges are applied on top of the contract price. If you choose not to renew or replace your contract before the contract end date, access to your entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
HackerOne Platform | Proven human-powered security testing, enhanced by AI | $500,000.00 |
Dimension | Cost/unit |
|---|---|
Rewards overage fee | $0.01 |
Vendor refund policy
There are no refund options available.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
To ensure that you receive timely assistance, it's important to be aware of our Support & Mediation team's business hours. This documentation details when our Support Team is available, how to reach them, and additional resources for self-help outside of these hours.
Support Team Operating Hours Our dedicated Support team is available to assist you during the following hours:
Monday to Friday: Mediation (Customers)
8:00am - 5:00pm PT
Support
12:00am-4:30pm PT
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By HackerOne
By NetSPI
By Fluid Attacks
Sentiment is AI generated from actual customer reviews
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Vulnerability Management
Comprehensive platform for identifying, prioritizing, and remediating security vulnerabilities across software development lifecycle
AI-Powered Security Research
Combines artificial intelligence with human security researchers to detect complex security and privacy vulnerabilities
Security Testing Methodologies
Offers multiple offensive security approaches including bug bounty, vulnerability disclosure, pentesting, AI red teaming, and code security testing
Integration Capabilities
Provides robust APIs and built-in integrations to streamline vulnerability management workflows and enable direct integration with security and DevOps systems
Attack Surface Monitoring
Continuous vigilance and testing across diverse digital environments including applications, cloud assets, APIs, IoT, and software supply chain
Penetration Testing Methodology
Comprehensive security testing across multiple domains including AI, applications, mainframes, cloud, and network infrastructure
Attack Surface Management
Continuous discovery and monitoring of external and cyber assets with real-time vulnerability identification and prioritization
Security Control Validation
Breach and attack simulation to validate effectiveness of existing cybersecurity tools and detect potential security gaps
Asset Discovery and Monitoring
Automated identification and tracking of unknown assets, security control coverage, and contextual risk assessment
Expert-Driven Security Assessment
Manual validation and expert-led analysis of security vulnerabilities with advanced threat detection capabilities
Security Testing Techniques
Comprehensive multi-vector security testing integrating automated tools, AI, and ethical hacking across SAST, DAST, SCA, CSPM, PTaaS, and reverse engineering
Continuous Security Integration
CI/CD agent that continuously reviews source code changes and breaks build to prevent deployment of vulnerable software
Cloud Platform Security
Seamless security integration with major cloud platforms including AWS, Microsoft Azure, and Google Cloud Platform for infrastructure vulnerability assessment
Vulnerability Remediation
AI-powered vulnerability detection and remediation with customized fix options, including automatic code fixes and expert consulting
Software Supply Chain Analysis
Detailed component and dependency inventory tracking with dynamic SBOM updates across software development lifecycle changes
Validated by AWS Marketplace
FedRAMP
GDPR
HIPAA
ISO/IEC 27001
PCI DSS
SOC 2 Type 2
-
-
-
No security profile
No security profile
Standard contract
No
No
No
Customer reviews
0 ratings
0 AWS reviews
|
71 external reviews
Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
Information Technology and Services
Good value for the money
Reviewed on Feb 12, 2025
Review provided by G2
What do you like best about the product?
it has a constant engagement from different people.
What do you dislike about the product?
not all of the guys are experienced.
it does not replace pentesting but it surely helps.
The interface its not great, its easy to get lost or miss reports.
it does not replace pentesting but it surely helps.
The interface its not great, its easy to get lost or miss reports.
What problems is the product solving and how is that benefiting you?
it serves as pentesting replacement.
Faizan Nehal
Platform supports skill development with effective vulnerability reporting
Reviewed on Feb 03, 2025
Review provided by PeerSpot
What is our primary use case?
My use case is similar to DuckTron. The processes I use for DuckTron are exactly the same for HackerOne . Therefore, there isn't much of a difference. I use HackerOne for finding vulnerabilities and reporting them, then receiving rewards akin to a bug bounty program.
Within my organization, HackerOne is used for vulnerability coordination through its user interface, which lists programs and websites for reporting vulnerabilities.
What is most valuable?
HackerOne is larger than WebCloud and has a better reputation than BugCloud, which results in a smoother process. Both platforms are similar in using their interfaces to list programs and facilitate reporting vulnerabilities, whether public or private.
What needs improvement?
Everything has become slower on HackerOne. I have noticed that older researchers receive all the private invites while newer ones receive fewer. The same goes for real-life events, where the same people are invited repeatedly. There are no clear guidelines for being invited to programs and conferences, and the process for receiving invitations appears arbitrary.
For how long have I used the solution?
I have used it for the same duration as other cloud services.
What do I think about the stability of the solution?
I have never faced any stability issues on HackerOne for the past four years. Everything was always completely smooth.
What do I think about the scalability of the solution?
HackerOne has high scalability. It is a large platform with many programs and clients, so I would rate it a nine out of ten.
How are customer service and support?
Technical support at HackerOne has slowed down considerably compared to four years ago. Previously, the support was quicker and more detailed, which is not the case now.
Which solution did I use previously and why did I switch?
I have tried Integrity and reported vulnerabilities there, and I have tried SVHack. However, I spend 90% of my time on HackerOne.
How was the initial setup?
The initial setup is simple and straightforward, which I would rate a nine out of ten. I have never faced any difficulties during this process.
What was our ROI?
HackerOne is free of cost for us. We receive rewards without needing to invest any money, so the return on investment is substantial.
What's my experience with pricing, setup cost, and licensing?
The cost is rated as one since there is no need to pay anything, not even a fee or commission.
Which other solutions did I evaluate?
I have tried other platforms like Integrity and YesLack, however, I focus most of my time on HackerOne.
What other advice do I have?
I rate HackerOne a nine out of ten.
It is slightly better than BugCloud. While some aspects have slowed down, HackerOne is still a strong platform for enhancing skills and offers an excellent initial setup. They should improve their invitation process.
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Automotive
Hackerone, a platform to invite actual hackers to test your production environment
Reviewed on Jan 22, 2025
Review provided by G2
What do you like best about the product?
The fact that HackerOne employees deal with the hackers first, and they then remediate with us
What do you dislike about the product?
Sometimes the reaction time is a little slow.
What problems is the product solving and how is that benefiting you?
It is providing us with an easy way to have our publicly available resources tested without having to schedule pentests
Information Technology and Services
Solid platform with confusing UI
Reviewed on Jan 21, 2025
Review provided by G2
What do you like best about the product?
Has a good population of hackers, H1 triage service available.
What do you dislike about the product?
UI is confusing and H1 triage serice can be spotty/breaks SLA.
What problems is the product solving and how is that benefiting you?
A way to manage security bug reports including triaging and payout in bug bounty program management.
Computer & Network Security
HackerOne is a Bug Bounty Provider
Reviewed on Jan 15, 2025
Review provided by G2
What do you like best about the product?
HackerOne's main strength is the hacker cohort it comes with, and the ease of rewarding said hackers. We rely on the triage team to handle the noise to separate the real risks from the chaff. HackerOne has extensive API capabilities that are essential to our usage.
What do you dislike about the product?
HackerOne is only one Bug Bounty vendor, and it's not certain what HackerOne does to attract hackers that have not used HackerOne, or have left in the past. Some functionalities are behind in the times, such as hacker credential issuance functionality, and when new features roll out, they often don't have a "try this new interface" function to get used to the new way things are laid out. The Triage team can be quite lacking in response speed and accuracy, especially with complex risks.
What problems is the product solving and how is that benefiting you?
HackerOne solves the need for an initial first-pass of submissions from hackers, and the payments issued to hackers.