HackerOne

There are several ways to identify hacker testing traffic at various layers for testing/feature enablement or testing control &amp; monitoring.

HackerOne provides each hacker with a forwarding <a href="https://docs.hackerone.com/hackers/hacker-email-alias.html">email address</a>

- This email can be helpful in identifying hacker testing accounts for allowlisting within the application itself

- HackerOne provides each hacker with a forwarding <a href="https://docs.hackerone.com/hackers/hacker-email-alias.html">email address</a>
  - This email can be helpful in identifying hacker testing accounts for allowlisting within the application itself

Researchers may add headers to requests such as: “X-HackerOne-Research: [H1 username]”

- Researchers may add headers to requests such as: “X-HackerOne-Research: [H1 username]”

HackerOne <a href="https://docs.hackerone.com/en/articles/8536633-hackerone-gateway-vpn">Gateway</a>

- Hacker traffic will come from dedicated egress IP address(es)
- Hacker VPN traffic can be <a href="https://docs.hackerone.com/en/articles/8583355-gateway-dashboard">analyzed</a> for insight into asset testing coverage

- Limited to the <a href="https://docs.hackerone.com/en/articles/8365279-product-offerings">H1 Pentest</a> product. Used in lieu of <a href="https://docs.hackerone.com/en/articles/8536633-hackerone-gateway-vpn">Gateway</a>

- HackerOne <a href="https://docs.hackerone.com/en/articles/8536633-hackerone-gateway-vpn">Gateway</a>
  - Hacker traffic will come from dedicated egress IP address(es)
  - Hacker VPN traffic can be <a href="https://docs.hackerone.com/en/articles/8583355-gateway-dashboard">analyzed</a> for insight into asset testing coverage
- Personal IP Check-in
  - Limited to the <a href="https://docs.hackerone.com/en/articles/8365279-product-offerings">H1 Pentest</a> product. Used in lieu of <a href="https://docs.hackerone.com/en/articles/8536633-hackerone-gateway-vpn">Gateway</a>

"Human Layer": Hacker Vetting &amp; Communication

HackerOne <a href="https://docs.hackerone.com/organizations/hackerone-clear.html">Clear</a> researchers

- email, phone, <a href="https://docs.hackerone.com/organizations/supported-integrations.html">Slack, Teams, PagerDuty, and others</a>
- HackerOne <a href="https://api.hackerone.com/" target="_blank" rel="nofollow noopener noreferrer">API</a>

- HackerOne <a href="https://docs.hackerone.com/organizations/hackerone-clear.html">Clear</a> researchers
- Custom alert process for each program
  - email, phone, <a href="https://docs.hackerone.com/organizations/supported-integrations.html">Slack, Teams, PagerDuty, and others</a>
  - HackerOne <a href="https://api.hackerone.com/" target="_blank" rel="nofollow noopener noreferrer">API</a>

Organizations: Identify hacker testing traffic at various layers

Traffic Identification

Find answers and get help from Intercom Support and Community Experts

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

Traffic Identification

Application Layer: User Allowlisting

Session Layer: HTTP Headers

Network Layer: IP Allowlisting

"Human Layer": Hacker Vetting & Communication