Merge branch 'master' of github.com:Hacker0x01/docs.hackerone.com

stacyspiva · stacyspiva · commit fe49779c7366 · 2020-07-17T14:57:54.000-07:00
diff --git a/.travis.yml b/.travis.yml
@@ -2,13 +2,15 @@ language: node_js
 
 node_js:
   - "lts/*"
+  - node
 
 cache:
+  yarn: true
   directories:
   - node_modules
 
 before_script:
-  - npm install
+  - yarn install
 
 script:
-  - npm run lint
+  - yarn run lint
diff --git a/docs/changelog/2018/november.md b/docs/changelog/2018/november.md
@@ -51,8 +51,8 @@ We now enable you to cancel disclosure requests. You can cancel your own request
 ### Activities API Endpoint
 We added a new activities API endpoint that enables you to fetch all activities of your program incrementally by time. Learn more about the [activities endpoint](https://api.hackerone.com/#activities-query-activities).
 
-### HackerOne VPN
-Hackers can now configure the [HackerOne VPN](/hackers/configure-the-hackerone-vpn.html) and access their VPN credentials for VPN enabled programs.
+### HackerOne Gateway (VPN)
+Hackers can now configure the [HackerOne Gateway (VPN)](/hackers/configure-the-hackerone-vpn.html) and access their Gateway (VPN) credentials for Gateway (VPN) enabled programs.
 
 ![VPN](./images/nov_2018_vpn.png)
 
diff --git a/docs/hackers/hackerone-vpn-root-ca.md b/docs/hackers/hackerone-vpn-root-ca.md
@@ -4,7 +4,7 @@ path: "/hackers/hackerone-vpn-root-ca.html"
 id: "hackers/hackerone-vpn-root-ca"
 ---
 
-In order to use the HackerOne VPN, you need to install the HackerOne VPN Root CA.
+In order to use the HackerOne Gateway, you need to install the HackerOne VPN Root CA.
 
 Refer to these installation and configuration instructions for your platform:
 
@@ -105,6 +105,6 @@ To install the HackerOne VPN Root CA to Firefox:
 
 ![Screenshot](./images/vpn-firefox-4.png)
 
-The "Hackerone - Hacker VPN Service" certificate is now visible in your list of certificates.
+The "HackerOne - Hacker VPN Service" certificate is now visible in your list of certificates.
 
 ![Screenshot](./images/vpn-firefox-5.png)
diff --git a/docs/hackers/openvpn-clients.md b/docs/hackers/openvpn-clients.md
@@ -4,7 +4,7 @@ path: "/hackers/openvpn-clients.html"
 id: "hackers/openvpn-clients"
 ---
 
-In order to use the HackerOne VPN, you need to install a VPN client that supports OpenVPN.
+In order to use the HackerOne Gateway, you need to install a VPN client that supports OpenVPN.
 
 Refer to these installation and configuration instructions for your platform:
 
@@ -15,7 +15,7 @@ Refer to these installation and configuration instructions for your platform:
 
 To configure the OpenVPN client to your windows machine:
 
-1. Download the OpenVPN **Windows Installer** from <a href="https://openvpn.net/community-downloads/" target="_blank">this page</a>.
+1. Download the OpenVPN **Windows Installer** from [this page](https://openvpn.net/community-downloads/).
 
 2. Execute the OpenVPN Installer.
 
diff --git a/docs/programs/hackerone-vpn.md b/docs/programs/hackerone-vpn.md
@@ -6,13 +6,13 @@ id: "programs/hackerone-vpn"
 
 You can require finders to set up a virtual private network (VPN) instance with HackerOne Gateway (VPN) in order to find vulnerabilities in your program. The HackerOne Gateway (VPN) enables you to have granular control over finder activities on your program and assets.
 
-> Gateway (VPN) is available as an add-on. To learn more about adding HackerOne Gateway(VPN) to your program, contact your account manager.
+> Gateway (VPN) is available as an add-on. To learn more about adding HackerOne Gateway (VPN) to your program, contact your account manager.
 
 ![Gateway program UI](./images/gateway-1.png)
 
 To manage your Gateway settings:
 1. Go to **Program Settings > Program > Hacker Management > Gateway**.
-2. Check to see if your Gateway is connected under the **Manage Global Gateway Access** section. You’ll see a green **Connected** icon to notify you that traffic is able to successfully flow through the HackerOne VPN instances. If traffic through the VPN is disrupted, you’ll see a grey **Disconnected** icon.
+2. Check to see if your Gateway is connected under the **Manage Global Gateway Access** section. You’ll see a green **Connected** icon to notify you that traffic is able to successfully flow through the HackerOne Gateway (VPN) instances. If traffic through the Gateway is disrupted, you’ll see a grey **Disconnected** icon.
 3. *(Optional)* Click **Disconnect Gateway** if you want to close your gateway to finders. Keep in mind that disconnecting your gateway will prevent finders from finding vulnerabilities on your Gateway-protected targets until you reconnect the gateway.
 <ul><li><b>Note:</b> If your Gateway is in full tunnel mode or if your assets are under a Content Delivery Network (CDN), you won't be able to disconnect your Gateway as disconnecting your Gateway will prevent hackers from hacking on other programs.</li></ul>
 
diff --git a/docs/programs/pentest-faqs.md b/docs/programs/pentest-faqs.md
@@ -11,6 +11,6 @@ Can I incentivize pentesters to find vulnerabilities throughout the pentest proc
 Can pentesters test for apps that require specialization? | It depends on the specialization you’re looking for. We have pentesters with experience in web, mobile, API and external network/infra testing. As part of the pentest process, we ask customers to go through a scoping questionnaire to help inform our team on specific testing requirements.
 We want to avoid the possibility of finding a high number of vulnerabilities that could cause our bounty pool to balloon. What can we do to avoid that? | The HackerOne Pentest is set at a fixed cost. Given there are no bounties, and pentesters are compensated for their effort and time, the total cost is 100% fixed and predictable.
 Is retesting included? How much is it to add? | There is a 60-day window to initiate 2 retests per report at no additional cost. Retesting is handled by the pentest team to ensure accuracy and consistency. 
-Are these pentests conducted by Hackerone staff or are they crowdsourced? | Pentesters are not HackerOne employees. Tests are conducted by our community. We have identified in our community those with existing professional pentesting experience.
+Are these pentests conducted by HackerOne staff or are they crowdsourced? | Pentesters are not HackerOne employees. Tests are conducted by our community. We have identified in our community those with existing professional pentesting experience.
 We're looking for something that indicates that we had the assessment done and the status of the application at the end of the assessment retest period, without the detail for issues that were identified and corrected. Can you produce an abridged version with that information? | Yes, we offer a letter of attestation for our pentest assessments.
 I’m frustrated with traditional pentest firms including out-of-scope or insignificant vulnerabilities in reports. We have to explain these to customers and leadership all the time. Will the HackerOne pentest be different? | Pentesters look for coverage of the scope rather than just focusing on impactful vulnerabilities as in a bug bounty program. Pentest best practices call for low and informative vulnerabilities to be reported. OWASP guidelines are followed by pentesters in web and mobile applications. <br><br>HackerOne’s bug bounty offerings may be more suitable for you if your priority is to find the most impactful and critical bugs.
diff --git a/docs/programs/product-offerings.md b/docs/programs/product-offerings.md
@@ -14,10 +14,18 @@ HackerOne offers 5 different products that you can choose from:
 * HackerOne Pentests
 
 ### HackerOne Response
-Establish an ISO 29147 compliant disclosure policy to safely receive and act on vulnerabilities discovered by external third-parties. This welcomes a "See Something, Say Something" process that helps ensure that security reports end up with your security team instead of unreliable channels like social media.  
+Establish an ISO 29147 compliant disclosure policy to safely receive and act on vulnerabilities discovered by external third-parties. This welcomes a "See Something, Say Something" process that helps ensure that security reports end up with your security team instead of unreliable channels like social media.
 
 ![overview-2](./images/overview-2.png)
 
+<<<<<<< HEAD
+=======
+### HackerOne Challenge
+A private, project-based, and time-bound vulnerability assessment program. Challenges are perfect for organizations looking to supplement or replace traditional penetration tests with ethical hackers looking for severe vulnerabilities. Every Challenge includes a detailed report to help meet compliance requirements. 
+
+![overview-1](./images/overview-1.png)
+
+>>>>>>> 6644bf47d6d8d2a0cda89a1719db9bc467243782
 ### HackerOne Bounty
 A program where trusted hackers are incentivized to continuously test for critical vulnerabilities. Bounty programs can be private and invite-only or fully public, and all incentives will reflect the organization’s priorities.
 
diff --git a/docs/programs/slack-shared-channels.md b/docs/programs/slack-shared-channels.md
@@ -22,7 +22,7 @@ You can join HackerOne’s Customer Slack workspace (https://hackerone-customer.
 
 > **Note:** It’s your responsibility to inform HackerOne in a timely manner when a member’s access is to be revoked.
 
-To join Hackerone’s Slack workspace as a guest:
+To join HackerOne’s Slack workspace as a guest:
 1. Click the Join Now button in your Slack invitation email.
 
 ![Join HackerOne on Slack screen](./images/slack-shared-channels-1.png)
