Traffic Identification
There are several ways to identify hacker testing traffic at various layers for testing/feature enablement or testing control & monitoring.
Application Layer: User Allowlisting
- HackerOne provides each hacker with a forwarding email address
- This email can be helpful in identifying hacker testing accounts for allowlisting within the application itself
- Researchers may add headers to requests such as: “X-HackerOne-Research: [H1 username]”
Network Layer: IP Allowlisting
- HackerOne Gateway
- Hacker traffic will come from a known CIDR block
- Hacker VPN traffic can be analyzed for insight into asset testing coverage
- Personal IP Check-in
"Human Layer": Hacker Vetting & Communication
- HackerOne Clear researchers
- Custom alert process for each program