HackerOne is on a mission to simplify and innovate our platform to help our customers achieve their security goals. Join us to learn about the evolution of our roadmap and get a peek at the Attack Resistance Management platform in action.

Achieving actual attack resistance is hard. Security teams are stretched thin, attack surfaces are expanding, and digital threats are increasingly difficult to detect. Automated security can find vulnerabilities in unknown assets. However, visibility alone doesn’t drive meaningful remediation. Findings from automation often lack context and force security teams to spend time combing through false positives to find the few critical vulnerabilities that require fixing. In this session, Chris Evans, CISO and Chief Hacking Officer, will discuss his security strategy for combining the power of automated scanning with the security expertise of ethical hackers to drive down risk and achieve Attack Resistance Management for HackerOne.

Gigatrends looks at the greatest technological shifts of the 21st century and lays out a roadmap to navigate the change, disruption, and opportunities they will create. From the Metaverse and Web 3.0 to the emergence of digital workers, from frictionless commerce to blockchain, and from the global healthcare crisis to Generation Alpha, Gigatrends sheds a bright and insightful light on the many unanticipated ways that technology will shape the future; connecting the dots between what are often confusing and disconnected trends to make them understandable and actionable. And all of this directly from Tom’s unique perspective of more than four decades on the front lines of the technology revolution. At a time when uncertainty seems to be looming large over every aspect of our lives. Gigatrends sets a course for the future that is realistic, fascinating, and above all, hopeful.

Modern organizations are seeing their attack surfaces expand faster than ever. Business transformation, diverse technology environments, and digital product deployments create visibility gaps that result in unknown risks—which means your resistance to a cyber attack is lower than you might think. Your security team must understand how to find, manage, and close your organization's gaps before a risk turns into an attack. Learn how teams from different industries analyze and understand their entire attack surface, then take action to remediate the most severe risks first.

As the vulnerability landscape changes through application deployment, cloud migrations, product launches, mergers and acquisitions, and more, detecting security risks before they become threats is critical to effectively defending your attack surface. Even when armed with security risk insights, what are the best ways to maximize efficacy and strengthen your security posture? Join Hyatt Hotels and the DoD's Defense Cyber Crime Center (DC3) to learn how they use vulnerability trends to inform security actions and apply those actions throughout the SDLC for a stronger security posture.

As the vulnerability landscape changes through application deployment, cloud migrations, product launches, mergers and acquisitions, and more, detecting security risks before they become threats is critical to effectively defending your attack surface. Even when armed with security risk insights, what are the best ways to maximize efficacy and strengthen your security posture? Join Hyatt Hotels and the DoD to learn how they use vulnerability trends to inform security actions and apply those actions throughout the SDLC for a stronger security posture.

Attack surfaces are expanding, spurred on by the continuous release of new digital services and business transformation. In this session you will learn why it’s time to implement an Attack Resistance Management strategy to find unknown risks that automated tools miss, then unlock the security expertise of ethical hackers to close critical gaps, rank risks, and prioritize remediations across your attack surface. This session will include live demos of HackerOne's Attack Resistance Management portfolio.

Attack Surface Management has gained a lot of momentum in today’s digital world. With organizations growing their presence online, it is harder to track and have visibility into an organization's digital footprint. Whether you are on the defensive or offensive side, join Hadrian's VP of Research & Community, Ben Sadeghipour (@NahamSec), in this session to understand the modern attacker’s perspective on approaching a company's digital assets and finding vulnerabilities within them. Additionally, he’ll demonstrate the ways you can implement a comprehensive attack surface management program to reduce your organization’s risk by leveraging Hadrian and HackerOne.

What’s your definition of a zero day? Exactly what a zero day is, and how one should be tackled when it comes to bug bounty, has been a contentious issue for years. Along hacker, Rotem Bar, and Google Project Zero researcher, Maddie Stone, HackerOne CISO and Chief Hacking Officer Chris Evans will explore why zero days have been rewarded inconsistently in bug bounty programs and why Log4j served as an inflection point for many customers. The panel will debate the challenges and solutions to protecting organizations from the most unexpected of threats, and examine the philosophy of a "pay for value" approach to zero days.

Whether cloud-native or cloud-migrated, organizations need fast, effective ways to approach an evolving attack surface in the cloud without slowing down innovation. Cloud services present unique challenges for organizations, their ease of access enables accounts to be created quickly with little oversight or security considerations. The vast number of options available to configure these cloud services can lead to common misconfigurations and exposed assets on the internet. And fundamentally, while these highly ephemeral microservices-based architectures offer boundless flexibility for the business, they present difficult trade-offs for security teams when managing risk for the organization. Join a cloud expert guest speaker to learn how they reduce cloud exploitability by collaborating with hackers to find and fix gaps, ensure compliance, and prevent attacks on their cloud assets.

Traditionally pentesting has been slow and shallow, making it difficult for modern security organizations to keep pace with innovation and compliance demands. This, coupled with the frequency of security incidents, is making enterprise security teams realize the increasing need for on-demand access to high-quality pentesting resources—and traditional consulting firms are unable to deliver due to limited FTE teams, slow launch times, delayed results, and manual reporting efforts. In this session we will cover the advantages the HackerOne platform provides to customers conducting pentests, including an easy and fast way to scope and launch a pentest, real-time results so that your teams can remediate issues faster, and transparency and direct communication with pentesters during testing. We’ll also provide insights into the future of the HackerOne platform.

Coming Soon!

Security vulnerabilities discovered in applications are almost always rooted in security flaws in source code. Here, weaknesses may be logical errors, missing validation, insufficient logging, poor secrets management, missing user permissions checks, unsafe string concatenation, misconfigurations, and much more. In this session, you'll learn the importance of incorporating secure code review in the software development lifecycle. While automated scans are helpful and powerful tools, they're no replacement for code review by human experts.

Web3 is a technology that excites, scares, and divides the tech community. But what really is Web3, what are the threats, and what is the use case for Attack Resistance Management? Web3 hacker, Sam Curry, and Senior Software Engineer at OpenSea, Edric Barnes, will join HackerOne's Security Architect, Dane Sherrets, to dissect Web3’s relationship to cryptocurrency and blockchain, and the security mistakes companies are making as they adopt the technology. Drawing on real examples and data from Web3 bug bounty programs, the panel will cover how ethical hackers view the technology, whether a radically different approach needs to be taken when hacking Web3, and best practices for including Web3 in the scope of your Attack Resistance Management strategy.

Last year at Security@, HackerOne announced the newest iteration of the Internet Bug Bounty: an initiative founded to crowdsource security resources for open source projects and maintainers. And earlier this year, Log4Shell flagrantly exposed how threats to open source can have wide-reaching consequences. In this session, join the Director of GitHub Security Labs Xavier Rene-Corail, hacker and CTO of WebSign Ryan Lester, Ruby Core team leader Aaron Patterson, and HackerOne Co-founder and CTO Alex Rice to discuss key learnings from their time securing open source, and what the future holds for open source security.