My main use case for HackerOne is mostly for submitting bugs. I get into the programs listed there, find one that is suitable for me, do my penetration testing on the systems, try to bypass some controls, and if I find a bug, I submit it on HackerOne.

A specific example of a bug I found and submitted through HackerOne that stood out to me involves race conditions because they resonate with me as a unique type of bug. If you can submit simultaneous requests to a program or a system and it fails to queue those requests properly, you end up getting the same response for multiple requests, which I find incredible, so I tend to focus on race conditions.

I use HackerOne as an individual, primarily as a side hustle. While I'm working for the organization, I do projects related to it, but in my free time, I get into HackerOne and try to hack other systems that are not related to my organization, helping other organizations enhance their security.

Once I submit any bug on HackerOne and it's verified, a team member from that specific organization fixes the bug. After it has been fixed, I have to retest it, as well as the HackerOne team, to ensure it has been fixed, and then I can confirm it on my end, ultimately making the organization much more secure.

In my experience, the best features HackerOne offers include a simple user interface. When I first got into using HackerOne, I did not have anyone to guide me, so I just registered, logged in, and quickly figured out how to filter the scope, filter organizations, and choose which system to try and hack. It has a very simple user interface, and it gives you a quick response—if you submit a bug, someone reaches out to you within minutes, telling you they will verify the bug, and it can be verified in just a few days, sometimes even less than a day, which stands out for me.

The fast verification process impacts my motivation significantly because a quick response keeps me motivated. I feel that having someone respond in minutes is encouraging, and if I'm going to try and hunt bugs today, I would appreciate a response within the day or at least within a few days. Some programs take long to respond, and then you lose motivation; so for me, the quick responses motivate me to continue submitting bugs.

I also appreciate the ability to filter programs on HackerOne. I like to focus on web applications, so when I log in and look at the available programs, I can filter specifically for ones related to domains, making it much easier compared to sifting through all programs to find domain-related ones or web, API, etc.

I think HackerOne can be improved by allowing new users to gain access to certain programs that are only open to known, renowned users. Sometimes new users don't receive invites just because they are new, despite potentially being very skilled hackers, so I feel new users should get more chances and opportunities.

I am currently satisfied with the rewards, response time, and other aspects of the platform, so I don't have anything else to add about the necessary improvements.

I give HackerOne a nine out of ten because if new hackers are given more opportunities, it could be a perfect 10 for me. However, the reason I gave a nine is that I don't have much to complain about; I specifically love the program and don't have many concerns.

I have been working in my current field since 2020, so by the end of this year, I'll be clocking six years.

HackerOne is stable for me; I have no complaints regarding uptime or reliability.

HackerOne's scalability works well, as it can handle a growing number of users or submissions smoothly.

I've never had to reach out to customer support, so I don't have any comments on that experience.

I have not used any other solution for bug bounty or vulnerability submissions; just HackerOne.

I have not experienced any costs since I use HackerOne independently, just logging into the site, hunting bugs, and submitting them without any expenses.

Before choosing HackerOne, I evaluated other options like Yes We Hack and Bugcrowd.

I would highly advise others looking into using HackerOne to start using it for the great experience, great response time, and good rewards; I would highly recommend it. My company does not have any business relationship with HackerOne other than being a customer. I was offered a gift card or incentive for this review. The review rating is 9 out of 10.

My use case is similar to DuckTron. The processes I use for DuckTron are exactly the same for HackerOne. Therefore, there isn't much of a difference. I use HackerOne for finding vulnerabilities and reporting them, then receiving rewards akin to a bug bounty program. 

Within my organization, HackerOne is used for vulnerability coordination through its user interface, which lists programs and websites for reporting vulnerabilities.

HackerOne is larger than WebCloud and has a better reputation than BugCloud, which results in a smoother process. Both platforms are similar in using their interfaces to list programs and facilitate reporting vulnerabilities, whether public or private.

Everything has become slower on HackerOne. I have noticed that older researchers receive all the private invites while newer ones receive fewer. The same goes for real-life events, where the same people are invited repeatedly. There are no clear guidelines for being invited to programs and conferences, and the process for receiving invitations appears arbitrary.

I have used it for the same duration as other cloud services.

I have never faced any stability issues on HackerOne for the past four years. Everything was always completely smooth.

HackerOne has high scalability. It is a large platform with many programs and clients, so I would rate it a nine out of ten.

Technical support at HackerOne has slowed down considerably compared to four years ago. Previously, the support was quicker and more detailed, which is not the case now.

I have tried Integrity and reported vulnerabilities there, and I have tried SVHack. However, I spend 90% of my time on HackerOne.

The initial setup is simple and straightforward, which I would rate a nine out of ten. I have never faced any difficulties during this process.

HackerOne is free of cost for us. We receive rewards without needing to invest any money, so the return on investment is substantial.

The cost is rated as one since there is no need to pay anything, not even a fee or commission.

I have tried other platforms like Integrity and YesLack, however, I focus most of my time on HackerOne.

I rate HackerOne a nine out of ten. 

It is slightly better than BugCloud. While some aspects have slowed down, HackerOne is still a strong platform for enhancing skills and offers an excellent initial setup. They should improve their invitation process.

I mainly use it for downtime activities, earning extra cash alongside a full-time job, and to get new sales and profits.

It helps me to get new sales, profits, and other benefits.

The main thing I like about HackerOne is that it provides a direct way to contact the program directly without the need to wait for weeks to get issues finalized and validated. They have streamlined the complete process, which gives a sense of security to the users.

The ability to view the conversation between the triagers and the programs will be really good. When an issue gets reported, the understanding conveyed to the program by the triagers is not visible to the reporter. This can cause gaps between what the finder has reported and what is explained to the program. If this communication is visible, it would benefit both parties.

I have been using it for over three years, around three years.

I have not had any issues with stability like bugs or breakdowns.

The scalability is good. It is easy to scale up or down data.

The responsiveness has been good.

Positive

I did not use any different solution before using HackerOne.

The initial setup is not rocket science. It is something easy.

It is free.

The improvements which I have listed should be considered.

I use the tool for vulnerability assessment and testing. 

The most valuable feature of HackerOne is its variety of programs. These programs provide depth into various areas, such as mobile, API, and websites. 

Response time can be improved. The HackerOne Trust team can be slow to respond sometimes. They're not using AI, which could help reduce the number of duplicate reports.

I have been using the product for one and a half years. 

The tool is stable and has only minor bugs. 

The solution is only scalable for registered users, not for mass people.

The solution is free. 

Integrating HackerOne into existing security protocols is impossible because it's just a platform. I rate the overall solution a six out of ten. For beginners, HackerOne is quite intuitive if you know the basics. You can easily create an account and start exploring different things.

I use the tool for hacking, practicing, and doing responsible vulnerability disclosure.

I don't use the tool in my day-to-day work. It's more for freelancing. I search for open platforms where I can do penetration testing on websites. If I find any bugs or vulnerabilities, I get paid. So, I do it as a freelancing activity, and it's really helpful.

Apart from getting all the bug bounty opportunities, we also get the chance to practice in a safe environment, like a demo setup. These features are great for beginners who want to explore bug bounties in the future.

One issue I've experienced is traffic. Many people try to participate when an opportunity with a bounty of around 1,000-15,000 dollars comes up. In this case, the first person to report the vulnerability gets the bounty. If a second person reports the same vulnerability, they are marked as duplicated instead of receiving some recognition. The second person also invested time finding the issue, so I think this can be improved.

I have been using the product for three to four years. 

HackerOne is stable. 

I haven't contacted the tool's technical support yet. 

I decided to go with HackerOne because I have experience with three bug bounty platforms: HackerOne and Bugcrowd. With Bugcrowd, you have to search for opportunities. In contrast, HackerOne presents opportunities directly when you log in. Additionally, other platforms' server response time and reporting methods are longer compared to HackerOne. HackerOne's reporting process is straightforward, with dropdown options for selecting the website and type of vulnerability.

The solution doesn't need an installation since it's a SaaS model. It's very easy to use. When you log in for the first time, you'll directly see the opportunities page, where companies are ready for you to hack. The opportunities are right before you, so you don't have to search for them like on other platforms. 

The tool is open-source and free for bug bounty hunters. 

In college, I started using HackerOne and taught my 10-20 juniors how to use it. I'm sure they might still be using it in their lives right now. The biggest challenge integrating HackerOne into my existing security protocols has been on my side, not the tool's. I need to take the time out to use and practice with it, but currently, I'm unable to give it the time I used to. There's no issue from the application side.

To use the tool, you first need a basic knowledge of cybersecurity terms, like exploits and vulnerabilities, and how to identify them. Once familiar with these basics, you can learn more from the resources and platforms HackerOne provides. They offer tickets and guides to help you understand the methods for finding and exploiting vulnerabilities.

Before deciding to use the solution in your organization, consider the purpose. HackerOne is a multi-platform. If the goal is to spread awareness about cybersecurity or to make the security team more active in learning about hacking methods and new vulnerabilities, then it can be very effective. It allows the team to earn extra money while learning and exploring new vulnerabilities in the market, potentially even finding zero-day vulnerabilities.

I would rate HackerOne around an eight to nine out of ten. The application is simple to use, offering numerous opportunities and scopes for exploration. It covers many platforms, including web, Android, and iOS applications. However, the high traffic can sometimes be a drawback. If they manage this issue by implementing features like consolidation pricing for duplicate vulnerabilities, it could easily be a ten out of ten.