HackerOne recommends providing credentials and contextual information to hackers wherever possible
HackerOne recommends offering elevated rewards for unauthenticated vulnerability findings
The HackerOne platform includes a secure credential management feature that allows customers to quickly upload multiple sets of credentials
Includes the ability to provision multiple roles
Essential for PrivEsc, IDOR, broken authentication, data segregation testing, etc.
Hackers can claim credentials in the platform and immediately proceed with testing
Enabling Unauthenticated Testing
Many HackerOne programs are interested in finding unauthenticated vulnerabilities as they can be exceptionally severe
HackerOne recommends specifying an elevated reward level for unauthenticated vulnerabilities within either the bounty table or the policy
Be sure to provide clarity in your policy on what unauthenticated vulnerabilities are eligible for the elevated reward level