Traffic Identification

Identify hacker testing traffic at various layers

Updated over a week ago

There are several ways to identify hacker testing traffic at various layers for testing/feature enablement or testing control & monitoring.

Application Layer: User Allowlisting

  • HackerOne provides each hacker with a forwarding email address

    • This email can be helpful in identifying hacker testing accounts for allowlisting within the application itself

Session Layer: HTTP Headers

  • Researchers may add headers to requests such as: β€œX-HackerOne-Research: [H1 username]”

Network Layer: IP Allowlisting

  • HackerOne Gateway

    • Hacker traffic will come from dedicated egress IP address(es)

    • Hacker VPN traffic can be analyzed for insight into asset testing coverage

  • Personal IP Check-in

"Human Layer": Hacker Vetting & Communication

Did this answer your question?