SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
HackerOne launches penetration testing to empower digital transformation
Wed, 17th Jun 2020

HackerOne has brought hacker-powered penetration testing to organisations with the aim of enabling digital transformation while also meeting compliance requirements.

HackerOne Pentest complements its existing offerings dedicated to helping organisations find and fix vulnerabilities before they can be exploited, the company states.

HackerOne Pentest includes access to HackerOne's global pentester community, recruited from a pool of more than three quarters of a million ethical hackers. This provides flexibility across testing needs.

It also includes the ability to complete the pentests required for both regulatory compliance and customer assessments. The product delivers compliance-ready reports to satisfy standards such as SOC2, HITRUST and ISO 27001.

The findings are summarised in an actionable, methodology-based report to help security and engineering teams better understand how to reduce risk, HackerOne states.

However, when vulnerabilities are discovered, customers are alerted immediately instead of waiting until the final report. The product itself can be launched in a minimum of seven days, with results through within four weeks.

Furthermore, the product features integrations with the likes of Jira, GitHub, GitLab, Slack, Zendesk, and more. This allows customers to plug into processes and applications already in use to eliminate delays and ensure devops can remediate findings faster, HackerOne states.

Incoming reports are complete and comprehensive to enable reproducible results, and any retesting is included. Hackers use industry-standard CVSS vulnerability ratings for consistency.

Full visibility helps to remove testing roadblocks, get instant feedback and updates, and monitor the overall process. This direct feedback loop with testers encourages more effective testing.

In a recent report, McKinsey Insights predicts the COVID-19 pandemic will accelerate businesses' digital transformation, putting pressure on organisations to deliver digital products and services faster while expecting security to keep pace.

As such, at its core the HackerOne Pentest is focused on enabling businesses to catch vulnerabilities in real time to secure organisations throughout their digital transformation without slowing software development.

HackerOne chief product officer Guillaume Vives says, “Penetration testing in its traditional form is broken. The lengthy process of waiting for an enormous document to know what vulnerabilities were found - relevant or not - doesn't fit with the speed of modern development lifecycles.

“In today's agile environments, pentest platforms should seamlessly integrate with every aspect of the software development lifecycle so that findings are quickly pushed to the right developer and vulnerabilities are fixed faster.

“With an all-in-one platform, customers can view progress across kick-off, testing, retesting, and remediation phases. We're excited to breathe new life into pentests by disclosing findings in real time with a team of experientially diverse hackers, securing code at the speed of development. This will enable customers to see where the holes are and make faster fixes.”

Customer Sumo Logic chief security officer George Gerchow says, “When customers trust you to store and manage their data in the cloud and regulatory agencies are watching, you need a creative security solution that gets beyond the checklist.

“No attack surface is the same. Yet most traditional pentests we experience have been a one-size-fits-all black box engagement with little to no interaction with testers or a way to interpret the value of what we're getting beyond a report.”