Traffic Identification

There are several ways to identify hacker testing traffic at different layers, whether the goal is enabling test-only features for that traffic or controlling and monitoring the testing itself.

Application Layer: User Allowlisting

  • HackerOne provides each hacker with a forwarding email address
    • This email can be helpful in identifying hacker testing accounts for allowlisting within the application itself

Session Layer: HTTP Headers

  • Researchers may add headers to requests such as: “X-HackerOne-Research: [H1 username]”

Network Layer: IP Allowlisting

  • HackerOne Gateway
    • Hacker traffic will come from a known CIDR block
    • Hacker VPN traffic can be analyzed for insight into asset testing coverage
  • Personal IP Check-in

"Human Layer": Hacker Vetting & Communication