HackerOne announced the expansion of its penetration testing solution in Europe. This latest product from HackerOne complements its existing offerings dedicated to helping organizations find and fix vulnerabilities before they can be exploited.
HackerOne Pentest enables customers to meet compliance standards and requirements more easily and quickly with hacker-powered security.
In a recent report, McKinsey Insights predicts the COVID-19 pandemic will accelerate businesses’ digital transformation, putting pressure on organizations to deliver digital products and services faster while expecting security to keep pace.
HackerOne Pentest leverages the creativity and expertise of the world’s largest ethical hacking community to find and report vulnerabilities in real time to secure businesses and organizations throughout their digital transformation without slowing software development.
“Penetration testing in its traditional form is broken,” says Guillaume Vives, Chief Product Officer at HackerOne. “The lengthy process of waiting for an enormous document to know what vulnerabilities were found — relevant or not — doesn’t fit with the speed of modern development lifecycles.
“In today’s agile environments, pentest platforms should seamlessly integrate with every aspect of the software development lifecycle so that findings are quickly pushed to the right developer and vulnerabilities are fixed faster. With an all-in-one platform, customers can view progress across kick-off, testing, retesting, and remediation phases.
“We’re excited to breathe new life into pentests by disclosing findings in real time with a team of experientially diverse hackers, securing code at the speed of development. This will enable customers to see where the holes are and make faster fixes.”
Top features of HackerOne Pentest include:
- Access to HackerOne’s global and diverse pentester community, recruited from a pool of over three quarters of a million ethical hackers, giving customers unmatched flexibility across testing needs.
- Ability to complete the pentests required for both regulatory compliance and customer assessments. HackerOne Pentests deliver compliance-ready reports to satisfy standards such as SOC2, HITRUST, ISO 27001 and others. The findings are summarised in an actionable, methodology-based report to help security and engineering teams better understand how to reduce risk.
- Readiness to launch in as little as seven days and see results in just four weeks. When vulnerabilities are discovered, customers are immediately alerted instead of waiting until the final report.
- Integrations including Jira, GitHub, GitLab, Slack, Zendesk, and more, allowing customers to plug into processes and applications already in use to eliminate delays and ensure DevOps teams can remediate findings faster. Incoming reports are complete and comprehensive to enable reproducible results, and any retesting is included. Hackers use industry-standard CVSS vulnerability ratings for consistency.
- Full visibility to help remove testing roadblocks, get instant feedback and updates, and monitor the overall process. This direct feedback loop with testers encourages more effective testing and returns more reliable, higher quality results.
- Complements existing HackerOne Response, Bounty and Challenge programs to provide the ongoing testing and compliance requirements that make up a comprehensive and offensive security strategy.
“When customers trust you to store and manage their data in the cloud and regulatory agencies are watching, you need a creative security solution that gets beyond the checklist,” said George Gerchow, Chief Security Officer at Sumo Logic.
“No attack surface is the same. Yet most traditional pentests we experience have been a one-size-fits-all black box engagement with little to no interaction with testers or a way to interpret the value of what we’re getting beyond a report.”
Commenting on the move by HackerOne, pentester and hacker @randomdeduction says, “At traditional firms, moving from one time-boxed engagement to another can cause burnout quickly. While hacking, we spend our time doing intense technical reviews of the systems powering some of the world’s largest companies. This depth of knowledge drives precision and detailed coverage on each pentest engagement that is very hard to find elsewhere.”