Agent Mode
English

HackerOne

HackerOne

Reviews from AWS customer

2 AWS reviews

External reviews

77 reviews
from and

External reviews are not included in the AWS star rating for the product.

4-star reviews ( Show all reviews )

    Toufik A.

One of the best BB platform

  • May 11, 2026
  • Review provided by G2

What do you like best about the product?
I appreciate being connected with a relevant community, which enables us to identify serious and impactful vulnerabilities across our scope. The ticketing interface is quite user friendly, and I found the initial setup of the HackerOne Platform quite easy.
What do you dislike about the product?
I believe HackerOne should introduce an ACK status to acknowledge the initial review of a report.
What problems is the product solving and how is that benefiting you?
The HackerOne Platform enables me to engage with a community that helps identify serious and impactful vulnerabilities across our scope.

    Mikhail Y.

Powerful Bug Bounty Platform with Room for Improvements

  • May 09, 2026
  • Review provided by G2

What do you like best about the product?
I love the quality of the researcher community on the HackerOne Platform. The reports we receive are usually well written and reproducible, which makes our job way easier. It really helps us scale our security testing by allowing external researchers to find issues like IDORs, SSRFs, and logic flaws, which is huge. The triage and payout flow save us a lot of time. Additionally, their team helped with the smooth setup by scoping the program and defining policy.
What do you dislike about the product?
The dashboard can feel a bit cluttered when you have a lot of reports, and reporting/analytics could be more flexible. Pricing also gets pretty steep as you scale. Custom dashboards and exports are a bit limited. We'd love to slice data by asset, severity, and time more freely, and pull cleaner CSV/API data for our own BI tools. Trend reports across programs would also help.
What problems is the product solving and how is that benefiting you?
I use HackerOne Platform to scale our security testing, engage external security researchers, and triage reports efficiently. It saves us time with structured payouts and tracking vulnerabilities.

    E B.

Vital for Security with Top Hackers

  • May 07, 2026
  • Review provided by G2

What do you like best about the product?
I appreciate that the HackerOne Platform gives us access to some of the top hackers in the world. The platform provides best in class tooling for us to manage their reports. By having top hackers, we are more likely to find serious security issues before adversaries do.
What do you dislike about the product?
Triage can be slow and painful, or make mistakes because they don't know the product as well as company employees. The premiums to run on the platform can be quite high, especially relative to professional services hours actually given or triage times.
What problems is the product solving and how is that benefiting you?
It allows us to receive responsible disclosure of security vulnerabilities from researchers and hackers in exchange for financial compensation.

    Pranay S.

Streamlined Security with Expert Support

  • May 06, 2026
  • Review provided by G2

What do you like best about the product?
I like the ease of understanding the report and the triaging done by the HackerOne team. It saves a lot of time for us since the initial triaging is done by them, and then they provide us with a final detailed report that we can work on directly. The expertise from the HackerOne team makes it easier for us to have back and forth questions if we have any technical questions related to the findings. They also coordinate with the researcher, which solves a lot of problems for us. The initial setup was pretty much straightforward and didn't take much time. The guided setup made it easy for us to set up and onboard members.
What do you dislike about the product?
Nothing in particular. Maybe, yeah. I think probably if HackerOne conducts events where organizations are invited and maybe they can give a walk through about the product and any new features, that would be something useful.
What problems is the product solving and how is that benefiting you?
I use HackerOne Platform to get reports from researchers, helping us strengthen our product by identifying and fixing gaps we couldn't find ourselves. This leads to more detailed analysis and better product improvement.

    NitishKumar

Crowdsourced security has strengthened our bug discovery and improved vulnerability response

  • April 28, 2026
  • Review from a verified AWS customer

What is our primary use case?

Our main use case for HackerOne is to create a bridge between the organization and a global community of ethical hackers where we ask them to find bugs in our environment, and based on that, they provide us the bugs we have.

A quick example of how I've used HackerOne is that it provides us bug bounty programs and vulnerability disclosure programs where multiple bug bounty hunters submit their findings about the organization, and those vulnerabilities or bugs are fixed by us. For instance, we received many alerts about expired or mismatched SSL certificates.

We utilize HackerOne's web page where we log in to see what vulnerabilities are there and what else has been discovered, and based on that, we pick and work on the issues we need to fix.

What is most valuable?

HackerOne offers bug bounty programs, vulnerability disclosure programs, red teaming, attack surface management, and other valuable features.

I find bug bounty programs most valuable for our organization because they invite researchers from around the globe to find bugs in our environment, allowing us to fix various severity vulnerabilities or bugs that, if left unaddressed, could lead to losing customers.

HackerOne has positively impacted my organization as hiring red teamers to find vulnerabilities would have taken a lot of time, but through HackerOne, we access a vast number of ethical hackers who help identify bugs, which is invaluable for us.

What needs improvement?

HackerOne is already doing well, although I believe implementing stricter SLAs for the time to first response and time to bounty would help prevent researchers' burnout, especially regarding duplicate submissions.

I suggest systematic bug rewards because currently, if a researcher finds one bug in multiple places, they often only get paid for one. Improving the handling of systemic vulnerabilities would encourage deeper research. Additionally, improving multi-currency and crypto payout options would help make the platform more accessible globally.

For how long have I used the solution?

I work in my current field for 7.5 years.

What do I think about the stability of the solution?

HackerOne is stable.

What do I think about the scalability of the solution?

HackerOne's scalability is designed to solve noise problems that typically kill security programs as they grow. It maintains a high signal-to-noise ratio and addresses scalability through infrastructure, triage services, and AI automation, ensuring it handles more reports effectively.

How are customer service and support?

Customer support can improve, as there are instances of ghosting that need to be addressed. I would rate customer support a six out of ten.

Which solution did I use previously and why did I switch?

I am using HackerOne only, with no previous solutions.

How was the initial setup?

I'm not very sure about pricing, setup costs, and licensing, as those are managed by our management team.

What about the implementation team?

We are just a customer of HackerOne, without any business relationship beyond that.

What was our ROI?

I notice a return on investment through the group of researchers at HackerOne identifying vulnerabilities, saving us money, time, and manpower, with the efficiency of HackerOne allowing them to accomplish in three to four hours what would take two red teamers a whole day.

What's my experience with pricing, setup cost, and licensing?

I'm not very sure about pricing, setup costs, and licensing, as those are managed by our management team.

Which other solutions did I evaluate?

Before choosing HackerOne, we evaluated competitors such as Bugcrowd and Intigriti but opted for HackerOne due to its typical rating of 8.5 out of 10 and its enterprise-grade programs.

What other advice do I have?

My advice for others looking into using HackerOne is that it stands above competitors such as Bugcrowd, Intigriti, and Synack, making HackerOne preferable. We covered all the important points regarding HackerOne. I gave this review a rating of 8 out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)

    Pranay Jain

Ethical hacking has strengthened security testing and prevents critical data exposure

  • February 25, 2026
  • Review from a verified AWS customer

What is our primary use case?

I use HackerOne for the bug bounty platform to find security issues. When we discover vulnerabilities, we receive awards for them.

Before testing any new payment API for public release, we can have time-bound testing with expert-selected hackers. I have been part of that community to test different applications and identify vulnerabilities so that companies can get an overview before reaching the job market.

HackerOne has impacted my work through testing other applications. Ethical hackers on the platform can test thoroughly from end to end, providing new features and insights that give companies and products a competitive edge.

For example, Uber Technologies ran a production bug where user data could be accessed by changing the user ID in the API request, allowing receipts to be downloaded for any particular user. This bug was present in production and was not found by others. It prevents data leaks and regulatory fines that would occur if the bug reached the real world, while also protecting customer trust.

How has it helped my organization?

Improvements are visible across internal security testing. Now, 24/7 global ethical hackers testing should be in place to improve the critical vulnerabilities before we reach production. Faster detection and remediation can be accomplished.

What is most valuable?

HackerOne's bug bounty programs are excellent, and penetration testing is also very good. Security testing of any application can be performed before launching a feature.

HackerOne is a very good platform with the trust of different companies including Shopify, PayPal, and Uber. This creates a stronger brand perception and competitive market positioning.

What needs improvement?

HackerOne has trust from companies such as Shopify, PayPal, and Uber, which provides a stronger brand perception and competitive market positioning. However, I reduced my rating by one mark because a proper internal triage team should be in place, not as a replacement for internal security controls.

For how long have I used the solution?

I have been using HackerOne since my college days, for about four years.

What do I think about the stability of the solution?

HackerOne is very stable.

What do I think about the scalability of the solution?

HackerOne is very scalable because we can put bounties for any number of hackers at the same time and test thoroughly. It also grows with the organization's security needs.

How are customer service and support?

We have not faced significant issues requiring customer support, but we did have one experience. HackerOne provides many levels of customer support. We have priority support because we are a higher tier, and with high report volumes, the turnaround time is very good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did not use any other solutions before HackerOne. This was our first approach.

How was the initial setup?

We used a subscription for the platform and purchased payouts to the hackers for bounty payments.

What about the implementation team?

The ethical hackers and team members involved in testing will have better outcomes. However, there is no fixed public pricing.

What was our ROI?

We have seen return on investment. There is no upfront licensing price, and costs depend upon the scope, number of assets, team size, and support level.

Which other solutions did I evaluate?

We did not evaluate another option, but we considered Bugcrowd as an alternative. Bugcrowd offers crowd-sourced security testing and bug bounty programs similar to HackerOne.

What other advice do I have?

There was an event related to bug bounty in which I participated. I could find an issue but could not identify the actual root cause. It was from Uber Technologies involving an insecure direct object reference vulnerability. The user ID in an API request allowed access to another user's trip receipts. This was a gift card-related issue. I would rate this review as nine out of ten.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)

    Ashwini B

Collaboration with ethical hackers has improved and AI-driven insights help manage bug bounties

  • January 29, 2026
  • Review provided by PeerSpot

What is our primary use case?

I am currently using Wiz, a scanning solution for cloud, to see if we are collecting reviews for any of these tools. My company has bought the license for Wiz, and we are using it as consumers.

HackerOne is used for bug bounty management. Whenever outsiders report any public-facing vulnerabilities or faults in our public-facing websites or domains, we receive a notification, validate it, and award bounties accordingly.

The ease of collaboration with ethical hackers on HackerOne has been quite good. From my experience, they respond when we do not have enough information on the findings.

Since starting work with HackerOne six months ago, we had other previous tools as well. HackerOne has been the right fit for our current situation.

What is most valuable?

The steps to reproduce are valuable aspects of HackerOne, and the AI capabilities have been more useful.

The customizable bounty programs have helped attract high-quality insights for us.

I find the AI and customizable features useful because they help us summarize information from a layman's perspective as well as for a technical person.

What needs improvement?

One limitation is that if a finding has been reported on HackerOne and was also reported earlier by another user or outsider, the platform is not able to collate that information together. If it is a repeated finding, we are not able to identify it automatically and must do it manually.

When reporting something, the platform should indicate that it was reported in the previous year or on a specific date, which would give us more insight into what action we have taken on that issue.

The reporting side is quite fine because we are using another tool for reporting purposes, so I did not find any issues there since we did not do much exploration on that side.

How are customer service and support?

The ease of collaboration with ethical hackers on HackerOne has been quite good. From my experience, they respond when we do not have enough information on the findings.

Which solution did I use previously and why did I switch?

Since starting work with HackerOne six months ago, we had other previous tools, though I do not remember their names now. HackerOne has been the right fit for our current situation from both a functionality and cost-effectiveness perspective.

When I took on the bug bounty program, HackerOne was already being used, possibly due to cost considerations or its functionality.

What other advice do I have?

I do have experience with other solutions, but currently I am not using them. I am using some other solutions now. We are exploring additional options but have not yet implemented them. My overall rating for this product is 8 out of 10.

    Ruphus Muita

Has improved my motivation to submit bugs consistently through fast response and clear filtering

  • October 29, 2025
  • Review provided by PeerSpot

What is our primary use case?

My main use case for HackerOne is mostly for submitting bugs. I get into the programs listed there, find one that is suitable for me, do my penetration testing on the systems, try to bypass some controls, and if I find a bug, I submit it on HackerOne.

A specific example of a bug I found and submitted through HackerOne that stood out to me involves race conditions because they resonate with me as a unique type of bug. If you can submit simultaneous requests to a program or a system and it fails to queue those requests properly, you end up getting the same response for multiple requests, which I find incredible, so I tend to focus on race conditions.

I use HackerOne as an individual, primarily as a side hustle. While I'm working for the organization, I do projects related to it, but in my free time, I get into HackerOne and try to hack other systems that are not related to my organization, helping other organizations enhance their security.

How has it helped my organization?

Once I submit any bug on HackerOne and it's verified, a team member from that specific organization fixes the bug. After it has been fixed, I have to retest it, as well as the HackerOne team, to ensure it has been fixed, and then I can confirm it on my end, ultimately making the organization much more secure.

What is most valuable?

In my experience, the best features HackerOne offers include a simple user interface. When I first got into using HackerOne, I did not have anyone to guide me, so I just registered, logged in, and quickly figured out how to filter the scope, filter organizations, and choose which system to try and hack. It has a very simple user interface, and it gives you a quick response—if you submit a bug, someone reaches out to you within minutes, telling you they will verify the bug, and it can be verified in just a few days, sometimes even less than a day, which stands out for me.

The fast verification process impacts my motivation significantly because a quick response keeps me motivated. I feel that having someone respond in minutes is encouraging, and if I'm going to try and hunt bugs today, I would appreciate a response within the day or at least within a few days. Some programs take long to respond, and then you lose motivation; so for me, the quick responses motivate me to continue submitting bugs.

I also appreciate the ability to filter programs on HackerOne. I like to focus on web applications, so when I log in and look at the available programs, I can filter specifically for ones related to domains, making it much easier compared to sifting through all programs to find domain-related ones or web, API, etc.

What needs improvement?

I think HackerOne can be improved by allowing new users to gain access to certain programs that are only open to known, renowned users. Sometimes new users don't receive invites just because they are new, despite potentially being very skilled hackers, so I feel new users should get more chances and opportunities.

I am currently satisfied with the rewards, response time, and other aspects of the platform, so I don't have anything else to add about the necessary improvements.

I give HackerOne a nine out of ten because if new hackers are given more opportunities, it could be a perfect 10 for me. However, the reason I gave a nine is that I don't have much to complain about; I specifically love the program and don't have many concerns.

For how long have I used the solution?

I have been working in my current field since 2020, so by the end of this year, I'll be clocking six years.

What do I think about the stability of the solution?

HackerOne is stable for me; I have no complaints regarding uptime or reliability.

What do I think about the scalability of the solution?

HackerOne's scalability works well, as it can handle a growing number of users or submissions smoothly.

How are customer service and support?

I've never had to reach out to customer support, so I don't have any comments on that experience.

Which solution did I use previously and why did I switch?

I have not used any other solution for bug bounty or vulnerability submissions; just HackerOne.

What's my experience with pricing, setup cost, and licensing?

I have not experienced any costs since I use HackerOne independently, just logging into the site, hunting bugs, and submitting them without any expenses.

Which other solutions did I evaluate?

Before choosing HackerOne, I evaluated other options like Yes We Hack and Bugcrowd.

What other advice do I have?

I would highly advise others looking into using HackerOne to start using it for the great experience, great response time, and good rewards; I would highly recommend it. My company does not have any business relationship with HackerOne other than being a customer. I was offered a gift card or incentive for this review. The review rating is 9 out of 10.

    Faizan Nehal

Platform supports skill development with effective vulnerability reporting

  • February 03, 2025
  • Review provided by PeerSpot

What is our primary use case?

My use case is similar to DuckTron. The processes I use for DuckTron are exactly the same for HackerOne. Therefore, there isn't much of a difference. I use HackerOne for finding vulnerabilities and reporting them, then receiving rewards akin to a bug bounty program.

Within my organization, HackerOne is used for vulnerability coordination through its user interface, which lists programs and websites for reporting vulnerabilities.

What is most valuable?

HackerOne is larger than WebCloud and has a better reputation than BugCloud, which results in a smoother process. Both platforms are similar in using their interfaces to list programs and facilitate reporting vulnerabilities, whether public or private.

What needs improvement?

Everything has become slower on HackerOne. I have noticed that older researchers receive all the private invites while newer ones receive fewer. The same goes for real-life events, where the same people are invited repeatedly. There are no clear guidelines for being invited to programs and conferences, and the process for receiving invitations appears arbitrary.

For how long have I used the solution?

I have used it for the same duration as other cloud services.

What do I think about the stability of the solution?

I have never faced any stability issues on HackerOne for the past four years. Everything was always completely smooth.

What do I think about the scalability of the solution?

HackerOne has high scalability. It is a large platform with many programs and clients, so I would rate it a nine out of ten.

How are customer service and support?

Technical support at HackerOne has slowed down considerably compared to four years ago. Previously, the support was quicker and more detailed, which is not the case now.

Which solution did I use previously and why did I switch?

I have tried Integrity and reported vulnerabilities there, and I have tried SVHack. However, I spend 90% of my time on HackerOne.

How was the initial setup?

The initial setup is simple and straightforward, which I would rate a nine out of ten. I have never faced any difficulties during this process.

What was our ROI?

HackerOne is free of cost for us. We receive rewards without needing to invest any money, so the return on investment is substantial.

What's my experience with pricing, setup cost, and licensing?

The cost is rated as one since there is no need to pay anything, not even a fee or commission.

Which other solutions did I evaluate?

I have tried other platforms like Integrity and YesLack, however, I focus most of my time on HackerOne.

What other advice do I have?

I rate HackerOne a nine out of ten.

It is slightly better than BugCloud. While some aspects have slowed down, HackerOne is still a strong platform for enhancing skills and offers an excellent initial setup. They should improve their invitation process.

    Computer Software

One of the best hacker bounty program to have

  • January 14, 2025
  • Review provided by G2

What do you like best about the product?
Collaboration and Transparency

Diverse Talent Pool: of hackers
What do you dislike about the product?
Occasional Communication Gaps:
Despite built-in tools, misunderstandings or delays in communication between researchers and team
What problems is the product solving and how is that benefiting you?
Pen testing for compliance purposes and having the best hackering find issues with our application

showing 1 - 10