HackerOne
External reviews
77 reviews
External reviews are not included in the AWS star rating for the product.
The best community of hackers
What do you like best about the product?
Extremely easy to get started. I like the community aspect of the platform, and had extremely positive interactions with some hackers that went above and beyond what was requested from them.
Some hackers are too imaginative for their own good and found the weirdest bugs in our application or platform. In my opinion, a good bug bounty program is way more valuable to us than regular pen testing.
What do you dislike about the product?
Triage can be slow at times and hit-and-miss depending on the complexity of the report and whether your systems are locked down.
Credentials Management is in dire need of improvements.
Some hackers do not respect the program guidelines, with HackerOne not interested in investigating or mediating breaches of conduct. This creates an environment where hackers gain more from not respecting guidelines if they eventually find something as a result. This can cost money and time to manage.
What problems is the product solving and how is that benefiting you?
Bug bounty program made easy.
Covering Blind Spots with Reliable Security and Support
What do you like best about the product?
HackerOne is an excellent platform for strengthening cybersecurity. The team is incredibly helpful, offering personalized advice to ensure you get the most out of the service. It is also a fantastic addition to any security strategy, filling gaps that traditional penetration tests might miss.
With a user-friendly interface and access to skilled ethical hackers, it’s a reliable and efficient way to manage vulnerabilities.
Highly recommend!
What do you dislike about the product?
At times, the triage process might struggle to reproduce an issue, which can require additional clarification.
Additionally, if your systems are highly locked down, setting up access and accounts for hackers can be time-consuming and require extra effort. This step is not inherently problematic but does demand proper planning to ensure the process runs smoothly and you can reap the benefits of using the program as soon as possible.
What problems is the product solving and how is that benefiting you?
HackerOne is helping us uncover security issues we weren’t aware of, adding an extra layer of protection that enhances our overall security posture.
H1 BBP: Things to be desired occasionally, but always an important and valuable tool
What do you like best about the product?
As an organization that had paid limited attention to application security before contracting with HackerOne, it was easy to get started and immediately see clear value and return. We still have a relatively junior application security program, but we've made huge leaps thanks to the experience gained from the program. Researchers have shown us how to bypass major defensive controls, development groups have been caught violating best practices, and associated vendors with security assurances have been discovered to be not-so-secure.
It can be quite the investment, but we can feel our organization getting stronger because of this product.
What do you dislike about the product?
HackerOne Triage services can feel inadequate at times. Our contacts have always been receptive to hearing us out and adjusting things when needed, but it's always been an uphill battle to get consistent service. This applies to both the quality and speed of service. Sometimes submissions are processed before we even know they arrived, and sometimes the summaries by the triagers are better than the actual hacker's reports. However, the opposite end of the spectrum is also true in equal proportion, even when routinely working with the same triagers.
The platform also lacks important asset management settings, reward calculation options, and reliable metrics. The current system does the job, but more robust tools would be ideal given the need to be precise, ethical, and fair while issuing financial rewards and having to justify those figures back to your organization.
What problems is the product solving and how is that benefiting you?
HackerOne is our primary post-production monitoring solution, and we feel confident knowing there are always eyes on our public-facing applications. The researchers we work with are extremely motivated and creative, and the value of their efforts, along with our partners at H1, is evidenced by our continued usage and reliance on H1 BBP.
Strong platform, large hacker community
What do you like best about the product?
Platform is full featured - good functionality for managing reports, multiple programs, bounties etc
Even for our unusual use-case, the broad hacker community was able to find vulnerabilities and deliver the ROI we were looking for
CSMs are knowledgeable and great to work with
What do you dislike about the product?
Relatively high base-platform fee - mostly offset by the platform/community features
What problems is the product solving and how is that benefiting you?
Ensure our products are vulnerability-free. Getting quick assessments when we have new products.
Helps us wrangle all our cats
What do you like best about the product?
It helps us coordinate our many repeat yearly pentests into one manageable platform.
What do you dislike about the product?
The user rights management is one of the most convoluted I've ever used; for example, I have to assign rights to a new pentest to every individual analyst working on it, every time.
There was also a period where we had a new technical contact every 2-3 months, with a 3 month span where we just didn't seem to have one.
What problems is the product solving and how is that benefiting you?
We have over a dozen individual application pentests we need to do every year; HackerOne lets us scope, schedule, and repeat them in a relatively easy manner.
An Essential Platform for your Security Team
What do you like best about the product?
I find HackerOne's VDP incredibly valuable. It provides a crucial extension to our limited internal resources, allowing us to leverage the expertise of a vast network of security researchers to identify vulnerabilities we might otherwise miss. Given our recent experience with asset loss highlighting gaps in our security posture, a proactive approach like HackerOne is essential for mitigating risk and improving our overall security. The platform's structured process for vulnerability disclosure and remediation helps us manage and prioritize fixes efficiently, even with limited personnel. It's a cost-effective way to enhance our security program and gain valuable insights from a diverse range of perspectives.
Besides, in some cases, HackerOne will help you facilitate the working progress between your company and security researchers.
What do you dislike about the product?
The budget for HackerOne is not a big deal for a small company like us :D
What problems is the product solving and how is that benefiting you?
- HackerOne provides us with an External Pentest service, which is an essential requirement of most security frameworks
- Besides, the HackerOne VDP program helps us to find out Product Vulnerabilities and Cyber Threats
A Trusted Ally for Proactive Vulnerability Management
What do you like best about the product?
I’ve been using H1 for a while, and one of the things I like is how easy it is to discover and keep track of everything. It’s great in the moment to connect our team with security researchers, helping us find vulnerabilities before they turn into potential security incidents. What stands out to me the most is that you can customize bounty programs to fit your goals.
What do you dislike about the product?
H1 is a great platform, but like anything, there’s room for improvement. Setting up a bug bounty program for the first time can feel a bit overwhelming, especially if you’re new to it and not sure where to start. But this is not a pitfall at all honestly.
What problems is the product solving and how is that benefiting you?
H1 has been a great helper for our team when the moment comes to stay updated. It’s amazing how it connects us with talented and skillful security researchers from around the world, and how the H1 Analysts support us. Thanks to their insights, we’ve caught vulnerabilities that probably would’ve slipped through the cracks with regular security tests.
A must-have if you're serious about security
What do you like best about the product?
It's not really about the platform but the service, HackerOne is probably the most well-known bug bounty platform, the experience (both on the researcher and the "business" side) is very well curated and there is no substitute for the amount of visibility that this service will give to your bug-bounty program.
What do you dislike about the product?
Nothing really to dislike here but sometimes the triaging workflow is a bit clunky and we had a couple of bugs with notifications but none of these problems really affected the service in a major way
What problems is the product solving and how is that benefiting you?
Managing and sponsoring a bug bounty program, the service really takes a ton of implementation/maintenance time out of these activities
Excellent platform for bug bounty
What do you like best about the product?
HackerOne offers a great platform for bug bounty management. We were able to have a program launched in a snap, get hackers testing our system, and find potential issues.
What do you dislike about the product?
The quality of the community reports can vary. We wanted to improve the signal-to-noise ratio, which HackerOne did, but it's still far from perfect.
What problems is the product solving and how is that benefiting you?
We get our system tested all year round by hackers, plus an annual pentest.
Powerful Platform for Effective Security Testing
What do you like best about the product?
HackerOne has been transformative for our security program. The platform connects us with top-notch ethical hackers, uncovering vulnerabilities that traditional tools missed. The interface is user-friendly, making it easy to manage and track reports. Their triage support helps us quickly validate and prioritize findings, saving our team time and effort.
The customization options, including private programs and flexible bounties, allow us to tailor the platform to our needs. Overall, HackerOne has improved our security and credibility, making it an excellent choice for any company focused on proactive security.
Key Pros
Skilled global talent pool
Clear UI and effective triage support
Flexible customization and insightful analytics
What do you dislike about the product?
Our budget took a little hit, but hey, security is priceless, right? 😅
What problems is the product solving and how is that benefiting you?
HackerOne helps us identify and resolve security vulnerabilities we might have missed with traditional tools. By leveraging a global network of skilled hackers, we get diverse insights, faster detection, and improved protection, ultimately strengthening our overall security posture.