Case Study: Veterans United boosts bug bounty findings and hacker engagement with HackerOne API automation

The Power of HackerOne’s API Automation A Q+A With Veterans United

Veterans United, a mortgage company, faced a significant challenge in its security testing program. The manual process of creating and managing credentials for its HackerOne bug bounty program was tedious, time-consuming, and often resulted in a lack of valid, up-to-date accounts for researchers. This hindered hacker engagement and left potential vulnerabilities undiscovered.

The solution was to leverage the HackerOne API to fully automate credential management. Veterans United built scripts in Postman that call internal APIs to create and stage accounts, which are then automatically uploaded to HackerOne. This HackerOne-driven automation led to a significant increase in valid findings and researcher engagement, so much so that it exceeded the program's bounty budget. The process is now more efficient and has built strong confidence in the bug bounty program.

Veterans United

Connor Knabe

Application Security Architect