HackerOne, a global collaborative security platform, today announced the availability of a penetration testing solution in Europe. Called HackerOne Pentest, this solution complements the existing HackerOne offering, designed to help organizations find and fix vulnerabilities before they can be exploited by cybercriminals. HackerOne Pentest makes it easier and faster for organizations to meet compliance requirements with its proactive security approach.
According to Guillaume Vives, product manager at HackerOne, “traditional penetration tests are out of date. The time taken to receive an overly dense analysis report, listing all the vulnerabilities found, relevant or not, does not correspond to the speed of current development cycles. With an integrated platform, customers can see the progress made during the launch, test, re-test and correction phases. We are delighted to breathe new life into pen tests by providing test results in real time. The code is secure as it is developed.”
In new agile environments, pen testing platforms need to integrate much more seamlessly into all aspects of the software development cycle. They must allow the conclusions to be transmitted directly to the right developer, who will be able to correct the vulnerabilities more quickly. To meet these needs, HackerOne Pentest offers:
- access to the global community of HackerOne pentesters, recruited from 750,000 ethical hackers with diverse specialties, who can thus adapt as needed;
- the possibility of carrying out pen tests for regulatory compliance and customer assessments. HackerOne pen tests provide turnkey compliance reports to meet SOC2, HITRUST and ISO 27001 standards, among others. The findings are summarized in a methodological report to help security and engineering teams better understand how to reduce risks;
- the ability to initiate a program in just seven days and get results within four weeks. When vulnerabilities are discovered, clients are notified immediately, before the final report is even delivered;
- integrations such as Jira, GitHub, GitLab, Slack, Zendesk, and many others, allowing customers to keep using the processes and applications they already have in place, so that developers respond faster to detected vulnerabilities. Incoming reports are comprehensive to allow reproducible results, and re-tests are included. Hackers use industry standard CVSS vulnerability assessments;
- full visibility that allows you to get around obstacles during tests, with feedback and instant updates to monitor the entire process. This direct feedback loop with the testers makes it possible to obtain more reliable and better quality results;
- a complementary solution to existing programs, HackerOne Response, Bounty and Challenge, to offer tests that meet compliance requirements and implement a comprehensive and offensive security strategy.