### Setup and Activation for Gateway V2 Source: https://docs.hackerone.com/en/articles/8470719-hackerone-gateway-v2 Details the steps required for hackers to join a program using VPN and set up Gateway V2. This includes accepting an invitation, reviewing program details, starting hacking, and installing the WARP client via Docker or manual installation. ```APIDOC Setup and Activation Steps: 1. Accept Invitation: Click 'View Invitation' in the program email. 2. Review Program Details: Examine the program page. 3. Start Hacking: Click 'Start hacking' to join. 4. Install WARP Client: - Option 1: Dockerized WARP client installation and configuration (See: https://docs.hackerone.com/en/articles/8470731-installing-the-cloudflare-warp-client#h_2b3e9a583b) - Option 2: Manual Installation: - Install WARP Client (See: https://docs.hackerone.com/en/articles/8470731-installing-the-cloudflare-warp-client) - Configure WARP Client (See: https://docs.hackerone.com/en/articles/8470736-configure-client-for-a-specific-program) - Install HackerOne VPN Root CA (See: https://docs.hackerone.com/en/articles/8544971-installing-the-cloudflare-warp-root-ca) ``` -------------------------------- ### Creating Your Vulnerability Disclosure Page Source: https://docs.hackerone.com/en/collections/9890172-getting-started A walkthrough for organizations on creating their own Vulnerability Disclosure Page (VDP) on the HackerOne platform. ```APIDOC Article: Title: Creating Your Vulnerability Disclosure Page URL: https://docs.hackerone.com/en/articles/9619302-creating-your-vulnerability-disclosure-page Content: - Walkthrough for organizations on creating their own VDP page. - Focuses on platform setup and configuration. ``` -------------------------------- ### Two-Factor Authentication Setup Guide Source: https://docs.hackerone.com/hackers/two-factor-authentication Step-by-step instructions for enabling and configuring two-factor authentication (2FA) on a HackerOne account. This includes navigating to security settings, using an authenticator app, saving backup codes, and verifying the setup. ```APIDOC Two-Factor Authentication Setup: 1. Navigate to User Settings > Security. 2. Click 'Turn on' to enable 2FA. 3. Open your authenticator app and scan the QR code or manually enter the secret key. 4. Click 'Next'. 5. Save your backup codes securely. This is the only time they will be available. 6. Click 'Next'. 7. Enter the verification code from your 2FA app, a backup code, or your password as prompted. 8. Click 'Save'. Upon successful verification, you will be prompted for a 6-digit code from your authenticator app upon login. ``` -------------------------------- ### HackerOne GitLab Integration Steps Source: https://docs.hackerone.com/en/articles/10394699-gitlab-setup A step-by-step guide on how to configure the GitLab integration within the HackerOne platform. This involves navigating to settings, connecting with GitLab, setting up authentication with GitLab credentials, and finalizing project mapping. ```Markdown 1. Go to Program Engagement > Settings > Automation > Integrations. 2. Click the **Connect with GitLab** link. 3. Click the **Set up new integration** button. 4. Enter the **Name** and **Description** for your new integration and click **Next**. 5. Click on **New authentication**, enter the **Client ID** and **Client secret** you were provided with after creating the OAuth 2.0 application in GitLab, and enter the **Instance URL** (without https://). Then click **Create**. 6. Click on **Authorize HackerOne** in the popup window. 7. If you use a self-hosted GitLab server rather than Gitlab.com, please update the Base URL. Click **Next** to finalize the setup between HackerOne and your GitLab instance. 8. In the GitLab project window, configure which GitLab project you'd like to escalate HackerOne reports to and click **Next**. ``` -------------------------------- ### Hacker101 CTF - Getting Started Source: https://docs.hackerone.com/hackers/hacker101 Steps to begin playing the Hacker101 Capture The Flag (CTF) game. This involves logging in with a HackerOne account, authorizing access, selecting a difficulty level, and starting to capture flags. ```APIDOC Hacker101 CTF: Start Game: 1. Log in with your HackerOne account. - Note: A HackerOne account is required. If you don't have one, create it via the Login tab. 2. Authorize Hacker101 CTF to access your HackerOne public profile and flags. 3. Select the difficulty level for the challenges. 4. Click 'Go' to start capturing flags. Gameplay Features: - Hints: Available if you get stuck, with progressively longer timers for subsequent hints. - Restart: Use if the instance is buggy or slow; does not affect captured flags. ``` -------------------------------- ### Linear Integration Setup Source: https://docs.hackerone.com/articles/8573154-linear-setup Step-by-step instructions for connecting HackerOne to Linear, including API key generation and authentication. ```APIDOC HackerOne Linear Integration: 1. Access Webhooks: Navigate to Engagements > Program Settings > Automation > Integrations. 2. Connect to Linear: Click 'Connect with Linear'. 3. Setup Integration: Click 'Set up new integration', provide Name and Description, then click 'Next'. 4. Generate Linear API Key: In Linear, go to Settings > API and create a new Personal API key. **Note: This key is shown only once.** 5. Authenticate in HackerOne: In the Linear authentication window, click 'Add a new account', enter the Linear API key in the 'Master token' field, and click 'Create'. 6. Configure Team and Project: Select the Linear Team and Project (optional) for report escalation and click 'Next'. 7. Map Fields: Select HackerOne fields to map to Linear fields. Custom mappings can be created using integration variables (e.g., `{{triage_summary}} \ Link: {{report_link}}`). Click 'Next'. 8. Map Severities to Priorities (Optional): Map HackerOne Severities to Linear Priorities for automated priority setting. 9. Select Events (Optional): Choose HackerOne events (Comment added, State changed) to post updates to Linear issues. ``` -------------------------------- ### Linear Integration Setup Source: https://docs.hackerone.com/en/articles/8573154-linear-setup Step-by-step instructions for connecting HackerOne to Linear, including API key generation and authentication. ```APIDOC HackerOne Linear Integration: 1. Access Webhooks: Navigate to Engagements > Program Settings > Automation > Integrations. 2. Connect to Linear: Click 'Connect with Linear'. 3. Setup Integration: Click 'Set up new integration', provide Name and Description, then click 'Next'. 4. Generate Linear API Key: In Linear, go to Settings > API and create a new Personal API key. **Note: This key is shown only once.** 5. Authenticate in HackerOne: In the Linear authentication window, click 'Add a new account', enter the Linear API key in the 'Master token' field, and click 'Create'. 6. Configure Team and Project: Select the Linear Team and Project (optional) for report escalation and click 'Next'. 7. Map Fields: Select HackerOne fields to map to Linear fields. Custom mappings can be created using integration variables (e.g., `{{triage_summary}} \ Link: {{report_link}}`). Click 'Next'. 8. Map Severities to Priorities (Optional): Map HackerOne Severities to Linear Priorities for automated priority setting. 9. Select Events (Optional): Choose HackerOne events (Comment added, State changed) to post updates to Linear issues. ``` -------------------------------- ### HackerOne SAML SSO Setup Steps Source: https://docs.hackerone.com/organizations/single-sign-on-sso-via-saml This outlines the two main steps for setting up SAML SSO in HackerOne: configuring the provider details and testing the connection. It guides users through navigating the HackerOne interface to add and save SAML provider information. ```APIDOC Setup Process: Step 1 - Configure: 1. Navigate to Organization Settings > Authentication > SAML (SSO). 2. Click 'Add SAML Provider'. 3. Fill in the required fields: Name, Domain, Single Sign-On URL, X509 Certificate. 4. Optionally, check 'Require new users to use SAML'. 5. Click 'Save'. Step 2 - Test: 1. On the SAML Configuration page, locate the 'Test settings' section. 2. Click 'Start Test'. 3. Click 'Start test now' in the subsequent prompt. 4. Enter your login credentials in the provided test window. 5. Review the test results for success or failure messages. ``` -------------------------------- ### Install Linear Integration Source: https://docs.hackerone.com/en/articles/8573131-linear-integration Provides instructions on how to install and set up the Linear integration with HackerOne. ```APIDOC LinearIntegration: installation_guide: https://docs.hackerone.com/articles/8573154-linear-setup description: Steps to install and configure the HackerOne-Linear integration. ``` -------------------------------- ### Cloudflared Service Output Source: https://docs.hackerone.com/en/articles/9648360-custom-kali-virtual-machine Example output indicating the successful installation of the Cloudflared Linux service. ```bash 2024-07-23T13:02:31Z INF Using Systemd 2024-07-23T13:02:32Z INF Linux service for cloudflared installed successfully ``` -------------------------------- ### Hacker101 CTF - Getting Started Source: https://docs.hackerone.com/en/articles/8456935-hacker-101 Steps to begin playing the Hacker101 Capture The Flag game. This involves logging in with a HackerOne account, authorizing access to your profile and flags, selecting a difficulty level, and starting the game. ```en 1. Log in with your HackerOne account. 2. Authorize Hacker101 CTF to access your HackerOne public profile and flags. 3. Select the difficulty of the level that you want to find flags for. 4. Click **Go** to start capturing flags. ``` -------------------------------- ### Example Steps to Reproduce a Vulnerability Source: https://docs.hackerone.com/hackers/quality-reports Provides a clear, step-by-step guide for reproducing a Cross-Site Scripting (XSS) vulnerability, including specific URLs, parameters, and expected outcomes. ```en 1. Log in as a regular user. 2. Navigate to the profile settings page at `https://example.com/settings/profile`. 3. Insert `` into the "About Me" field and save. 4. Log out and view the profile as another user. 5. The script executes on page load. ``` -------------------------------- ### ServiceNow Application Vulnerability Response (AVR) Setup Source: https://docs.hackerone.com/en/collections/11809921-servicenow This guide details the setup process for the ServiceNow Application Vulnerability Response (AVR) integration with HackerOne. It outlines the steps required to configure the integration for effective vulnerability management. ```APIDOC ServiceNow AVR Setup Guide: Purpose: Setup guide for ServiceNow Application Vulnerability Response. Content: - Step-by-step instructions for configuring the AVR integration. - Details on data mapping and synchronization settings. Link: https://docs.hackerone.com/en/articles/10539527-servicenow-avr-setup ``` -------------------------------- ### HackerOne Field Mapping Example Source: https://docs.hackerone.com/en/articles/10394699-gitlab-setup Demonstrates how to map HackerOne fields to GitLab fields using integration variables. This example shows a combination of triage summary, report link, submission date, reporter name, and weakness. ```APIDOC Example Field Mapping: {{triage_summary}} \ Link: {{report_link}} \ Date: {{submission_date}} \ Reporter: {{reporter_name}} \ Weakness: {{weakness}} Description: This mapping combines several HackerOne report details into a single string for a GitLab field. It utilizes integration variables to dynamically pull data from HackerOne reports. ``` -------------------------------- ### HackerOne SAML SSO Setup Steps Source: https://docs.hackerone.com/en/articles/8487039-single-sign-on-sso-via-saml This outlines the two main steps for setting up SAML SSO in HackerOne: configuring the provider details and testing the connection. It guides users through navigating the HackerOne interface to add and save SAML provider information. ```APIDOC Setup Process: Step 1 - Configure: 1. Navigate to Organization Settings > Authentication > SAML (SSO). 2. Click 'Add SAML Provider'. 3. Fill in the required fields: Name, Domain, Single Sign-On URL, X509 Certificate. 4. Optionally, check 'Require new users to use SAML'. 5. Click 'Save'. Step 2 - Test: 1. On the SAML Configuration page, locate the 'Test settings' section. 2. Click 'Start Test'. 3. Click 'Start test now' in the subsequent prompt. 4. Enter your login credentials in the provided test window. 5. Review the test results for success or failure messages. ``` -------------------------------- ### HackerOne SAML Setup Instructions Source: https://docs.hackerone.com/en/articles/8490539-onelogin-sso-setup-via-saml This snippet details the final steps for integrating OneLogin SSO with HackerOne. It directs users to HackerOne's SAML setup documentation and specifies where to input the credentials obtained from OneLogin. ```APIDOC HackerOne SAML Integration: 1. Open HackerOne in a new tab. 2. Follow the SAML setup instructions provided at [https://docs.hackerone.com/organizations/single-sign-on-sso-via-saml.html](https://docs.hackerone.com/organizations/single-sign-on-sso-via-saml.html). 3. During the SAML setup on HackerOne, paste the Single Sign-On URL and the X.509 Certificate copied from OneLogin into the designated fields. ``` -------------------------------- ### HackerOne SAML Setup Instructions Source: https://docs.hackerone.com/en/articles/8490526-okta-sso-setup-via-saml Details on how to complete the SAML setup within HackerOne after configuring Okta. This includes copying necessary values from Okta and pasting them into the HackerOne SAML configuration. ```APIDOC HackerOne SAML Configuration Steps: 1. Obtain 'Single Sign-On URL' and 'Signing Certificate' from Okta's SAML setup instructions. 2. Navigate to HackerOne's SAML setup page. 3. Paste the copied 'Single Sign-On URL' into the corresponding field in HackerOne. 4. Upload or paste the 'Signing Certificate' into the corresponding field in HackerOne. ``` -------------------------------- ### Example Steps to Reproduce a Vulnerability Source: https://docs.hackerone.com/en/articles/8475116-quality-reports Provides a clear, step-by-step guide for reproducing a Cross-Site Scripting (XSS) vulnerability, including specific URLs, parameters, and expected outcomes. ```en 1. Log in as a regular user. 2. Navigate to the profile settings page at `https://example.com/settings/profile`. 3. Insert `` into the "About Me" field and save. 4. Log out and view the profile as another user. 5. The script executes on page load. ``` -------------------------------- ### Two-Factor Authentication Setup Steps Source: https://docs.hackerone.com/en/articles/8505330-two-factor-authentication Provides a step-by-step guide for users to enable and configure two-factor authentication (2FA) on their HackerOne account using a TOTP-based authenticator app. ```en 1. Navigate to User settings. 2. Click on Security. 3. Click 'Turn on' to enable 2FA. 4. Open your authentication app and scan the QR code or manually enter the secret key. 5. Click 'Next'. 6. Save your backup codes (this is the only time they will be available). 7. Click 'Next'. 8. Enter the verification code from your 2FA app, a backup code, and your account password. 9. Click 'Save'. ``` -------------------------------- ### HackerOne SAML Setup Instructions Source: https://docs.hackerone.com/organizations/okta-sso-saml-setup Details on how to complete the SAML setup within HackerOne after configuring Okta. This includes copying necessary values from Okta and pasting them into the HackerOne SAML configuration. ```APIDOC HackerOne SAML Configuration Steps: 1. Obtain 'Single Sign-On URL' and 'Signing Certificate' from Okta's SAML setup instructions. 2. Navigate to HackerOne's SAML setup page. 3. Paste the copied 'Single Sign-On URL' into the corresponding field in HackerOne. 4. Upload or paste the 'Signing Certificate' into the corresponding field in HackerOne. ``` -------------------------------- ### HackerOne SAML Setup Instructions Source: https://docs.hackerone.com/organizations/onelogin-sso-saml-setup This snippet details the final steps for integrating OneLogin SSO with HackerOne. It directs users to HackerOne's SAML setup documentation and specifies where to input the credentials obtained from OneLogin. ```APIDOC HackerOne SAML Integration: 1. Open HackerOne in a new tab. 2. Follow the SAML setup instructions provided at [https://docs.hackerone.com/organizations/single-sign-on-sso-via-saml.html](https://docs.hackerone.com/organizations/single-sign-on-sso-via-saml.html). 3. During the SAML setup on HackerOne, paste the Single Sign-On URL and the X.509 Certificate copied from OneLogin into the designated fields. ``` -------------------------------- ### Installing the Jira Integration Source: https://docs.hackerone.com/en/articles/8557929-jira-integration Provides instructions on how to install and set up the Jira integration within the HackerOne platform. ```APIDOC Integration Setup: Jira Integration Installation: - Access the HackerOne platform settings. - Navigate to the 'Integrations' section. - Select 'Jira' and follow the on-screen instructions for installation and configuration. - This typically involves providing Jira API credentials and authorizing the connection. ``` -------------------------------- ### HackerOne 2FA Setup Guide Source: https://docs.hackerone.com/en/articles/11642802 Provides instructions on how to set up two-factor authentication (2FA) on HackerOne. This process typically involves using TOTP-based authenticator apps like Google Authenticator or Duo Mobile. ```APIDOC HackerOne 2FA Setup: Description: Steps to configure two-factor authentication (2FA) for your HackerOne account. Prerequisites: - A TOTP-compliant authenticator app (e.g., Google Authenticator, Duo Mobile). Steps: 1. Navigate to the security settings within your HackerOne account. 2. Select the option to enable 2FA. 3. Scan the QR code provided by HackerOne using your authenticator app. 4. Enter the code generated by your authenticator app to verify the setup. 5. Save the provided backup codes in a secure location. Notes: - Backup codes are essential for account recovery if you lose access to your 2FA device. - SSO/SAML users are exempt from this mandatory 2FA requirement. ``` -------------------------------- ### HackerOne Documentation Sections Source: https://docs.hackerone.com/index This section outlines the various categories of documentation available for the HackerOne platform. It covers topics such as changelogs, getting started guides, profile setup, hacking techniques, engagement management, AI features, inbox and report handling, payments, pentesting, triage services, organization management, scope and standards, automations, integrations, analytics, hacker engagement, helpful tools, Essential VDP, and Live Hacking Events. ```APIDOC HackerOne Platform Documentation: - Changelog: Keep up to date on the latest changes (25 articles) - Welcome to HackerOne: Start here to learn more about our platform (21 articles) - Your Profile: Learn how to set up your hacker profile (16 articles) - Hacking: Learn all about hacking on HackerOne (25 articles) - Your Engagements: Best practices and instructions for running successful engagements (28 articles) - Hai (AI Features): Discover all of our AI features and learn how they can help streamline your processes (7 articles) - Inbox & Reports: Learn about your inboxes and reports (39 articles) - Payments & Taxes: Find instructions and forms needed for payments and taxes (10 articles) - Pentests: Learn more about Pentests at HackerOne (13 articles) - Hai Triage Services: Learn about HackerOne’s Triage Services (5 articles) - Your Organization: Manage your organization users, groups, and engagements (23 articles) - Scope & Standards: Learn best practices for policy and scope (11 articles) - Automations: Automate your processes and expedite your workflows (4 articles) - Integrations: Learn how to integrate tools with HackerOne (41 articles) - Analytics & Dashboards: Examine data and statistics for your engagements (15 articles) - Hacker Engagement: Learn how to communicate and work with hackers on your engagements (16 articles) - Helpful Tools: Additional tools and tips to help you manage engagements (14 articles) - Essential VDP: Everything you need to achieve success with your Essential VDP (1 article) - Live Hacking Events: Learn about HackerOne's Live Hacking Events (LHEs) (1 article) ``` -------------------------------- ### Hacker Success Guide Source: https://docs.hackerone.com/en/collections/6084109-hackers Learn how to grow as a hacker and start earning bounties on the HackerOne platform. This guide provides insights and strategies for a successful hacking career. ```en Hacker Success Guide: Learn how to grow as a hacker and start earning bounties ``` -------------------------------- ### HackerOne Sign Up Process Source: https://docs.hackerone.com/organizations/program-starting-point Steps to sign up as a company on HackerOne. This involves visiting the website, initiating the sign-up process, selecting the company option, filling out the required form, and submitting it. A sales representative will then contact the user. ```APIDOC HackerOne Sign Up: 1. Navigate to hackerone.com. 2. Click 'Sign Up'. 3. Select 'I'm a company'. 4. Complete all form fields. 5. Click 'Submit'. Outcome: A HackerOne sales representative will contact you to assist with program setup. ``` -------------------------------- ### Install and Configure Apache Web Server Source: https://docs.hackerone.com/en/articles/9648357-self-managed-cloudflared-configuration Installs Apache2 web server on a Debian-based system, starts the service, and checks its status. This is used for setting up a test environment. ```bash sudo apt update && sudo apt upgrade \ sudo apt install apache2 \ sudo service apache2 start \ sudo service apache2 status ``` -------------------------------- ### HackerOne Sign Up Process Source: https://docs.hackerone.com/en/articles/8365324-program-starting-point Steps to sign up as a company on HackerOne. This involves visiting the website, initiating the sign-up process, selecting the company option, filling out the required form, and submitting it. A sales representative will then contact the user. ```APIDOC HackerOne Sign Up: 1. Navigate to hackerone.com. 2. Click 'Sign Up'. 3. Select 'I'm a company'. 4. Complete all form fields. 5. Click 'Submit'. Outcome: A HackerOne sales representative will contact you to assist with program setup. ``` -------------------------------- ### OKTA SCIM Provisioning Setup Source: https://docs.hackerone.com/en/articles/9250705-scim-provisioning-for-okta This section details the step-by-step process for setting up SCIM provisioning in OKTA for HackerOne. It covers initial SAML integration, enabling provisioning features, configuring authentication, and selecting provisioning actions. ```APIDOC 1. Set up SAML integration following the provided guide. - Note: If SAML was previously set up using the HackerOne application, SCIM will not be available. Use a new application for SCIM provisioning. - Skip steps 6 and 10-13 of the SAML setup if applicable. 2. Open your HackerOne SCIM application. 3. In the **General** tab, click **Edit** behind **App Settings**. 4. Check the **Enable provisioning features** box. 5. Click **Save**. 6. Click the **Provisioning** tab. 7. Click **Edit**. 8. Set **Authentication Mode** to **HTTP Header**. - Paste the **URL** from the SCIM credentials page into the **SCIM connector base URL** box. - Enter your **email** in the **Unique identifier field for users** box. - Enter the **API Token** in the **Authorization** field. 9. Select the desired provisioning actions. 10. Click **Test Connector Configuration**. A verification message will appear upon success. 11. Click **Save**. 12. Select **To App** in the left panel and enable desired **Provisioning Features**. 13. Click **Save**. 14. Assign people to the app as needed to complete the setup. ``` -------------------------------- ### ServiceNow Integration Configuration Steps Source: https://docs.hackerone.com/en/articles/10539515-servicenow-vr-setup This section details the sequential steps required to set up the ServiceNow integration within the HackerOne platform. It includes navigating to settings, connecting the service, authenticating the instance, and configuring data synchronization. ```APIDOC 1. Navigate to Engagements > Program Settings. 2. Locate and click on 'Automation > Integrations'. 3. Click 'Connect' with ServiceNow. 4. Click 'Set up new integration'. 5. Click 'New Authentication'. 6. Enter 'ServiceNow Instance URL' (e.g., https://my-instance.service-now.com/). 7. Enter 'Client ID' and 'Client Secret' obtained from OAuth configuration. 8. Click 'Create' and then 'Allow' for authentication. 9. Click 'Next', enter the vulnerability creation URL, and click 'Next'. 10. Select 'Synchronize attachments' if needed, then click 'Finish'. 11. Enable the integration after completing the setup wizard. ``` -------------------------------- ### Installing the GitLab Integration Source: https://docs.hackerone.com/en/articles/8571227-gitlab-integration This section provides instructions on how to install and set up the GitLab integration within the HackerOne platform. It typically involves authorizing the connection and configuring initial settings. ```APIDOC APIDOC: Endpoint: /integrations/gitlab/install Method: POST Description: Installs and configures the GitLab integration. Request Body: type: object properties: gitlab_url: { type: string, description: The base URL of your GitLab instance. } api_token: { type: string, description: Your GitLab API token for authentication. } project_id: { type: string, description: The GitLab project ID to integrate with. } Response: type: object properties: message: { type: string, description: Confirmation message indicating successful installation. } Example: POST /integrations/gitlab/install Body: {"gitlab_url": "https://gitlab.example.com", "api_token": "your_gitlab_token", "project_id": "12345678"} Response: {"message": "GitLab integration installed successfully."} ``` -------------------------------- ### Setup HackerOne Slack Integration Source: https://docs.hackerone.com/en/articles/8575699-slack-integration Steps to connect HackerOne with your Slack workspace. This involves navigating to program settings, initiating the Slack connection, authenticating with Slack, and authorizing permissions. ```APIDOC Setup Steps: 1. Navigate to Program Settings: Go to **Engagements**, select the program, and click **Settings**. 2. Access Integrations: Click **Automation > Integrations**. 3. Connect Slack: Click the **Connect with Slack** link. 4. Authenticate: Click **Authenticate with Slack** and follow the prompts to select your Slack team and authorize HackerOne. Required Permissions: - Access information about your public channels: To list and assign notifications to Slack channels. - View email addresses of people on your team: To map HackerOne usernames to Slack users for mentions. - Access your team's profile information: Standard Slack integration permission. ``` -------------------------------- ### HackerOne Email Forwarding - Correct Headers Example Source: https://docs.hackerone.com/en/articles/8541542-email-forwarding This example demonstrates the expected email headers for a correctly configured HackerOne email forwarding setup. It includes essential fields like 'To', 'From', 'Return-Path', 'Delivered-To', 'Received-SPF', 'DKIM-Signature', 'X-Forwarded-To', 'X-Forwarded-For', and 'H1-Forwarding-Nonce'. ```APIDOC Header | Value ---|--- To | security@example.com From | "Reporter" example@reporter.com Return-Path | example@reporter.com Delivered-To | security@example.com Received-SPF | pass(*) DKIM-Signature | v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=hsbnp7p3ensaochzwyq5wwmceodymuwv;d=server.com; t=12738181; h=Date:From:To:Message-1 D:Subject:Mime-Version:Content-Type:Content-Transfer-Encoding:Feedback-ID; bh=2jh40/jnKOZNNY68AJSDID8IUovd714123JJzgOVWqFX4Q=; b=JASIOSD+89jYRJsmqDIEA621Xkz1cpHba6xikYasjid8JJoc KAidKMZ/O1VV/+LBI19tGajKAID882Lx8/CSAXMMiKlamK+ac+rOfqQKDIA88INOL /FBpVYM4nLOLLIPOPwxNrlvPWoouHw9kdDq171/dUs YO7E= X-Forwarded-To | security-9beOakdka99397e@forwarding.hackerone.com X-Forwarded-For | security@example.com security-9beOakdka 99397e@forwarding.hackerone.com H1-Forwarding-Nonce | 2a032918391e46cf7687e62ec42423ea3 ``` -------------------------------- ### API Documentation: ServiceNow Resource Creation Source: https://docs.hackerone.com/en/articles/10539527-servicenow-avr-setup This section details how to create a new resource in ServiceNow, likely an API endpoint or a similar configuration item. It involves navigating the ServiceNow UI, creating a new resource, and saving its path for future use. ```APIDOC POST /api/now/table/{table_name} Request Body: { "table_name": "vulnerability_item", "sys_id": "", "external_id": "", "link": "" } Response Body (201 Created): { "table_name": "vulnerability_item", "sys_id": "", "external_id": "", "link": "" } Steps: 1. Navigate to the relevant module in ServiceNow (e.g., Vulnerability Response). 2. Create a new resource (e.g., API endpoint). 3. Copy the **Resource path** of the newly created resource. ``` -------------------------------- ### HackerOne Video Recording Steps Source: https://docs.hackerone.com/en/articles/9047911-video-proof-of-concept Provides a step-by-step guide on how to record a video proof of concept using the HackerOne platform. This includes initiating the recording, selecting the source, stopping the recording, and attaching it to a report. ```en 1. Click the **Record a demo** button below the report attachments area. 2. Select a source (individual browser tab, window, or entire screen). 3. Stop the recording by clicking the stop recording button or using browser controls. Recordings stop automatically at 250MB. 4. Name the recording and attach it to the report. ``` -------------------------------- ### Jira Integration Setup Source: https://docs.hackerone.com/en/collections/6679559-integrations Set up your Jira integration to streamline issue tracking and vulnerability management. This guide covers the necessary steps to connect HackerOne reports with Jira issues. ```APIDOC Jira Integration Setup: Purpose: Configure the connection between HackerOne and Jira. Prerequisites: - Jira administrator access. - HackerOne program administrator access. Steps: 1. In HackerOne, navigate to Program Settings > Integrations. 2. Select Jira and click 'Configure'. 3. Enter your Jira instance URL. 4. Provide Jira authentication credentials (API token or username/password). 5. Map HackerOne report fields to Jira issue fields (e.g., title, description, severity). 6. Define synchronization rules (e.g., when to create a Jira issue, which status updates to sync). Features: - Bi-directional synchronization of report and issue data. - Automatic creation of Jira issues from new HackerOne reports. - Linking HackerOne reports to existing Jira issues. Troubleshooting: - Refer to Jira FAQs for common issues and solutions. ``` -------------------------------- ### ServiceNow Scripted REST API Setup Source: https://docs.hackerone.com/en/articles/10539527-servicenow-avr-setup This documentation outlines the steps to create a Scripted REST API in ServiceNow. It covers navigating to the correct module, creating a new API with specific naming conventions, and adding resources with HTTP methods and relative paths. ```APIDOC Scripted REST API Creation: Navigate to System Web Services > Scripted REST APIs. Click 'New' to create a new Scripted REST service. Fields: Name: HackerOne API ID: hackerone Click 'Submit'. Resource Creation: Open the newly created API. Navigate to the 'Resources' tab. Click 'New' to add a resource. Fields: Name: Create Vulnerability HTTP Method: POST Relative path: /create_vulnerability_avr ``` -------------------------------- ### Microsoft Entra SSO Setup Tutorial Source: https://docs.hackerone.com/en/articles/9047417-microsoft-entra-sso Provides a direct link to the official Microsoft Entra SSO setup tutorial for HackerOne. This external resource contains detailed, step-by-step instructions for configuring the integration. ```APIDOC External Tutorial: URL: https://learn.microsoft.com/en-us/entra/identity/saas-apps/hackerone-tutorial Description: Step-by-step guide for setting up Microsoft Entra SSO with HackerOne. ``` -------------------------------- ### HackerOne 2FA Setup Guide Source: https://docs.hackerone.com/en/articles/11642798-2fa-faqs-for-researchers Provides instructions on how to set up two-factor authentication (2FA) on HackerOne. This typically involves using TOTP-based authenticator apps like Google Authenticator or Duo Mobile. ```APIDOC HackerOne 2FA Setup: - Reference: https://docs.hackerone.com/en/articles/8410217-two-factor-authentication - Method: Follow instructions provided in the linked article. - Requirements: - TOTP-based authenticator app (e.g., Google Authenticator, Duo Mobile). - Notes: - 2FA will be mandatory for all platform users unless signing in using SSO/SAML. - Backup codes are critical for access recovery. ``` -------------------------------- ### Two-Factor Authentication Setup Steps Source: https://docs.hackerone.com/en/articles/8410217-two-factor-authentication This snippet outlines the step-by-step process for enabling two-factor authentication (2FA) on a HackerOne account. It details navigating to user settings, enabling 2FA, using an authenticator app (scanning QR code or manual entry), saving backup codes, and verifying the setup. ```text 1. Go to your profile settings by clicking on your profile in the top right corner and then selecting **User settings**. 2. Click **Security**. 3. Click **Turn on** to enable 2FA. 4. Open your authentication app and click **Add device** or scan the QR code on your HackerOne screen. * **Tip** : You can enter your secret key manually if you can't scan the QR code. 5. Click **Next.** 6. **Save your backup codes**. * **Important** : This is the only time you will be able to do this. If you lose them, you will have to generate new ones. 7. Click **Next.** 8. Enter your verification code from your 2FA app, one of the backup codes, and your account password as prompted. 9. Click **Save.** ``` -------------------------------- ### Okta SSO Setup via SAML Source: https://docs.hackerone.com/en/collections/6542028-single-sign-on Guide for configuring Single Sign-On (SSO) with Okta as the Identity Provider for HackerOne using SAML. This enables users to authenticate using their Okta credentials. ```APIDOC Okta SSO Setup via SAML: Purpose: Integrate Okta as an Identity Provider for HackerOne SSO. Requirements: Okta organization account. Configuration Steps: 1. In Okta Admin Console: Create a new SAML application for HackerOne. 2. Configure Okta App: Use HackerOne's SAML metadata (Entity ID, ACS URL) to configure the Okta application. 3. Assign Users/Groups: Assign relevant Okta users or groups to the HackerOne application. 4. Attribute Mapping: Ensure necessary user attributes are sent in the SAML assertion. 5. Enable SSO in HackerOne: Configure HackerOne to use Okta as the SAML IdP. ``` -------------------------------- ### HackerOne 2FA Setup Guide Source: https://docs.hackerone.com/en/articles/11642802-2fa-faqs-for-organizations Provides instructions on how to set up two-factor authentication (2FA) on HackerOne. This process typically involves using TOTP-based authenticator apps like Google Authenticator or Duo Mobile. ```APIDOC HackerOne 2FA Setup: Description: Steps to configure two-factor authentication (2FA) for your HackerOne account. Prerequisites: - A TOTP-compliant authenticator app (e.g., Google Authenticator, Duo Mobile). Steps: 1. Navigate to the security settings within your HackerOne account. 2. Select the option to enable 2FA. 3. Scan the QR code provided by HackerOne using your authenticator app. 4. Enter the code generated by your authenticator app to verify the setup. 5. Save the provided backup codes in a secure location. Notes: - Backup codes are essential for account recovery if you lose access to your 2FA device. - SSO/SAML users are exempt from this mandatory 2FA requirement. ``` -------------------------------- ### ServiceNow Vulnerability Response (VR) Setup Source: https://docs.hackerone.com/en/collections/11809921-servicenow This guide provides instructions for setting up the ServiceNow Vulnerability Response (VR) integration with HackerOne. It covers the necessary configurations to enable seamless data flow for vulnerability management. ```APIDOC ServiceNow VR Setup Guide: Purpose: Setup guide for the ServiceNow VR integration. Content: - Configuration steps for the VR integration. - Information on how VR utilizes HackerOne data. Link: https://docs.hackerone.com/en/articles/10539515-servicenow-vr-setup ``` -------------------------------- ### Jira Cloud Migration Steps Source: https://docs.hackerone.com/en/articles/8557928-jira-migration-guide Steps to migrate Jira integration for Jira Cloud users. This involves uninstalling the existing HackerOne app and setting up a new integration via the Jira Setup page. ```en 1. Navigate to the Manage Apps console of Jira by going to **Apps > Manage Apps**. 2. Uninstall the HackerOne for JIRA app. 3. Follow the instructions on the [Jira Setup page](https://docs.hackerone.com/en/articles/8557915-jira-setup) to set up new Jira integration. ``` -------------------------------- ### Automation Actions Configuration Source: https://docs.hackerone.com/en/articles/9653528-creating-and-running-automations Explains the 'Actions' tab in automation setup, which contains template-specific form elements. It uses the 'Inbox assignment based on asset' template as an example, detailing how dropdowns are used to map assets to inboxes. ```UI Next, we have **Actions**. The Actions tab includes template-specific form elements to help you easily set up the automation. For the “Inbox assignment based on asset” template, it provides dropdowns for selecting the asset and the inbox the report should be assigned to. ``` -------------------------------- ### JIT Provisioning with SSO via SAML Source: https://docs.hackerone.com/en/collections/6538962-your-organization Enable Just-in-Time (JIT) provisioning for users when using SSO via SAML. This automates user account creation upon their first login. ```APIDOC JIT Provisioning: Description: Automatically provisions user accounts in HackerOne when a user logs in for the first time via SAML SSO. Configuration: Enabled through the SAML SSO setup. Benefits: - Streamlines user onboarding. - Ensures user accounts are created only when needed. Related: - Single Sign-On (SSO) via SAML ``` -------------------------------- ### Docker WARP Client for Hackers Source: https://docs.hackerone.com/en/articles/8662720-november-2023-changelog Information regarding the Docker WARP client specifically designed for hackers. This likely includes setup instructions, usage examples, and any specific requirements for utilizing this tool within the HackerOne ecosystem. ```APIDOC Docker WARP Client for Hackers: Purpose: To provide hackers with a containerized environment for testing and interacting with programs. Setup: - Requires Docker to be installed. - Pull the latest WARP client image from the official repository. - Configure environment variables for authentication and program targeting. Usage: - Run the client to connect to HackerOne's services. - Execute commands for submitting reports, fetching program details, etc. Dependencies: - Docker Benefits: - Consistent testing environment - Simplified dependency management ``` -------------------------------- ### Create New Automation Source: https://docs.hackerone.com/en/articles/9653528-creating-and-running-automations This describes the initial step of creating a new automation by clicking the 'Create new automation' button and selecting a template. It highlights the option to start from scratch with a 'custom automation' template or use pre-built templates for a head start. ```UI Click the **Create new automation** button on the top right to create a new automation. **Next** , select an automation template. ```