HackerOne

paid · Founded 2012 · cloud

Largest bug bounty + VDP platform — quote-based, programs typically run $5K+/mo plus bounty pool.

What it does well

Access to a very large and diverse community of security researchers.
Provides managed services for triaging and validating submitted vulnerability reports.
Offers structured programs for VDP, bug bounties, and compliance-focused pentesting.

Where it falls short

Pricing is quote-based and opaque, with no public tiers or self-service signup.
Total cost is unpredictable, as it includes both platform fees and variable bounty payouts.
Not suitable for small businesses or those with limited security budgets.

Visit HackerOne See all 50 tools

Tags: bug-bountypentestmanagedenterprisecloud

Alternatives to HackerOne

Bugcrowd

paid

Crowdsourced security platform — bug bounty, pen-test-as-a-service, attack surface mgmt. Quote-based.

Cobalt

paid

Pentest-as-a-Service — vetted human testers, fixed-scope packages. Quote-based, typical engagement ~$8,000+.

Astra Pentest

paid

Continuous DAST + manual pentest hybrid — published pricing $199-$5,999/yr, popular with SaaS startups.

GuardLabs Web-Audit Guardian

freemium

Continuous public-web-layer guardian — watches HTTP / size / multi-lang redirects / cyrillic drift / structure every 30 min. Self-hostable from $99 one-time.