- Hands-On Bug Hunting for Penetration Testers
- Joseph Marshall
- 233 words
- 2021-07-16 17:53:03
HackerOne
HackerOne (https://www.hackerone.com/) is a similar platform – it has its own point system (reputation) and also calculates a variety of metrics that it uses as the basis for its Leaderboard and for invitations to its own private programs.
Like Bugcrowd, it also has a bug bounty policy for itself – if you find a vulnerability in one of its sites or apps, you're entitled to a reward. Interestingly though, you might still be entitled to a reward even if you don't discover a bug. From their site:
"HackerOne is interested in your research on our systems, regardless of whether you found a security vulnerability. If you have found yourself looking at a particular feature on one of our assets but didn't find anything, please submit a report that describes all the different things you tried and failed. We may reward you for substantial research performed on assets under our bug bounty policy."
This is an unusual policy that still makes sense: providing a detailed list of everything that worked is its own audit of the company's resources, even if it doesn't cover any vulnerable areas.
HackerOne and Bugcrowd both have a similar breadth of different companies, with different products, business models, and security needs. HackerOne does have a few notable companies that are exclusive to its platform, most notably Twitter, but generally the offerings are very similar.