
HackerOne launches penetration testing to empower digital transformation

HackerOne has brought hacker-powered penetration testing to organisations with the aim of enabling digital transformation while also meeting compliance requirements.

HackerOne Pentest complements its existing offerings dedicated to helping organisations find and fix vulnerabilities before they can be exploited, the company states.

HackerOne Pentest includes access to HackerOne's global pentester community, recruited from a pool of more than three quarters of a million ethical hackers. This provides flexibility across testing needs.

It also includes the ability to complete the pentests required for both regulatory compliance and customer assessments. The product delivers compliance-ready reports to satisfy standards such as SOC2, HITRUST and ISO 27001, among others.

The findings are summarised in an actionable, methodology-based report to help security and engineering teams better understand how to reduce risk, HackerOne states.

However, when vulnerabilities are discovered, customers are immediately alerted instead of waiting until the final report. The product itself can be launched in a minimum of seven days, with results delivered within four weeks.

Furthermore, the product features integrations with the likes of Jira, GitHub, GitLab, Slack, Zendesk, and more. This allows customers to plug into processes and applications already in use to eliminate delays and ensure DevOps teams can remediate findings faster, HackerOne states.

Incoming reports are complete and comprehensive to enable reproducible results, and any retesting is included. Hackers use industry-standard CVSS vulnerability ratings for consistency.

Full visibility helps to remove testing roadblocks, get instant feedback and updates, and monitor the overall process. This direct feedback loop with testers encourages more effective testing.

In a recent report, McKinsey Insights predicts the COVID-19 pandemic will accelerate businesses’ digital transformation, putting pressure on organisations to deliver digital products and services faster while expecting security to keep pace.

As such, at its core the HackerOne Pentest is focused on enabling businesses to catch vulnerabilities in real time to secure organisations throughout their digital transformation without slowing software development.

HackerOne chief product officer Guillaume Vives says, “Penetration testing in its traditional form is broken. The lengthy process of waiting for an enormous document to know what vulnerabilities were found - relevant or not - doesn’t fit with the speed of modern development lifecycles.

“In today’s agile environments, pentest platforms should seamlessly integrate with every aspect of the software development lifecycle so that findings are quickly pushed to the right developer and vulnerabilities are fixed faster.

“With an all in one platform, customers can view progress across kick-off, testing, retesting, and remediation phases. We’re excited to breathe new life into pentests by disclosing findings in real time with a team of experientially diverse hackers, securing code at the speed of development. This will enable customers to see where the holes are and make faster fixes.”

Customer Sumo Logic chief security officer George Gerchow says, “When customers trust you to store and manage their data in the cloud and regulatory agencies are watching, you need a creative security solution that gets beyond the check list.

"No attack surface is the same. Yet most traditional pentests we experience have been a one-size-fits-all black box engagement with little to no interaction with testers or a way to interpret the value of what we’re getting beyond a report."
