HackerOne Enhances Security Testing Platform
April 26, 2021

HackerOne is enhancing its product capabilities to help global organizations easily scale their security and mitigate security risks where traditional security tools fall short.

Applications built on cloud infrastructure services are complex and change constantly, which makes securing cloud workloads and services at scale nearly impossible when relying on disparate tooling. HackerOne’s new set of product capabilities provide organizations the visibility, context, and on-demand access to skilled security experts required to secure cloud workloads, investigate anomalous activity or meet compliance requirements all in one place.

These latest developments provide organizations across industries and attack surfaces with access to a suite of tools to:

■ Secure the design, development, and deployment of applications with:

- HackerOne Assessments: From web applications to mobile to application program interfaces (APIs) to cloud to network security, HackerOne Assessments go beyond automated tools and processes. Organizations can determine the scope of the assessment and recruit researchers with specific skills.

- HackerOne vulnerability insights: Leverage this hacker-powered vulnerability intelligence tool to get a snapshot of risk during a given time, track key areas within vulnerability lifecycles, and benchmark results against past tests and industry peers.

■ Accelerate vulnerability discovery, prioritization, and remediation with:

- Advanced workflows: Plan, build, test, manage, and evolve workflows with custom triggers, tailored recommendations, and intelligent pattern matching. HackerOne advanced workflows empower customers to create automated processes that trigger actions based on the criticality of vulnerabilities, along with bi-directional syncs that update data and records between key platforms including GitHub, Jira, ServiceNow, Microsoft Azure DevOps and the rest of their tech stack, and more.

- Remediation guidance: Access remediation advice for each vulnerability found to aid in understanding and resolving of vulnerability reports.

■ Bolster program efficiencies with:

- Attestation reports: With the expanded suite of controls in NIST 800-53 Revision 5, organizations are now required to present evidence of a functional vulnerability disclosure process to maintain compliance. Attestation reports make that a single click for your compliance team. Customers can view program metrics with comprehensive reports to uncover mean time to remediation (MTTR), level of vulnerability criticality, and prove compliance.

- Embedded submission forms: Enterprise clients will now have the ability to white label their embedded submission forms to seamlessly integrate their Vulnerability Disclosure Program (VDP) into their brand experience.

- Hacker custom fields: Achieve the flexibility to add additional fields and customize submission forms to collect more information from researchers, including version numbers, browser used, IP address, and more.

- Hacker communication: Improve hacker communication with video capture capabilities that allow researchers to provide contextual, reproducible steps to help validate vulnerabilities and remediations. For organizations with strict regulatory or privacy requirements, HackerOne Clear provides vetted and background checked researchers.

- Hacker collaboration: Enable multiple hackers to work together on reports, increasing the likelihood of valid submissions in cloud infrastructure, severe findings, and higher bounties for hackers.

“Organizations are migrating to the cloud at a faster pace than ever before,” said HackerOne CTO and Co-Founder Alex Rice. “Promises of increased speed and agility powered by the latest technology are driving the need for security to adapt to new digital business demands. With adoption comes risk,” Rice continues. “And the key to defending against evolving threats is speed. Limiting the time of exposure and reducing mean time to detect and respond is integral to protecting everyone's data as it moves to the cloud. Hackers empower you to do just that.”

Share this

Industry News

December 06, 2022

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the graduation of Argo, which will join other graduated projects such as Kubernetes, Prometheus, and Envoy.

December 06, 2022

Wib announced API PenTesting-as-a-Service (PTaaS) designed to help organizations proactively cover the latest PCI-DSS 4.0 mandates for testing application security, APIs, and vulnerabilities in Business Logic.

December 05, 2022

Harness announced Harness Cluster Orchestrator to allow customers to optimize their Kubernetes cloud workload costs and realize up to 90% cloud cost savings with Amazon Elastic Compute Cloud (Amazon EC2) Spot instances from Amazon Web Services (AWS).

December 01, 2022

Salesforce introduced a new Automation Everywhere Bundle to accelerate end-to-end workflow orchestration, automate across any system, and embed data and AI-driven workflows anywhere.

December 01, 2022

Weaveworks announced that Flux, the original GitOps project, has graduated in the Cloud Native Computing Foundation (CNCF®).

December 01, 2022

Tigera announced enhancements to its cluster mesh capabilities for managing multi-cluster environments with Calico.

December 01, 2022

CloudBees achieved the Amazon Web Service (AWS) Service Ready Program for Amazon Elastic Compute Cloud (Amazon EC2) Spot Instances.

November 30, 2022

GitLab announced the limited availability of GitLab Dedicated, a new way to use GitLab - as a single-tenant software as a service (SaaS) solution.

November 30, 2022

Red Hat announced an expansion of its open solutions publicly available in AWS Marketplace.

November 30, 2022

Sisense announced the availability of the Sisense CI/CD Git integration module.

November 29, 2022

Codenotary announced TrueSBOM for Serverless, a self-updating Software Bill of Materials (SBOM) for applications running on AWS Lamda, Google Cloud Functions and Microsoft Azure Functions that is made possible by simply adding one line to the application source code.

November 29, 2022

Code Intelligence announced its open-source Command-Line Interface (CLI) tool, CI Fuzz CLI, now allows Java developers to easily incorporate fuzz testing into their existing JUnit setup in order to find functional bugs and security vulnerabilities at scale.

November 29, 2022

Parasoft announced the 2022.2 release of Parasoft C/C++test with support for MISRA C:2012 Amendment 3 and a draft version of MISRA C++ 202x.

November 28, 2022

Kasm Technologies announced the release of Kasm Workspaces v1.12, providing major enhancements to its portfolio of digital workspaces delivering Desktop as a Service (DaaS), Virtualized Desktop Infrastructure (VDI), Remote Browser Isolation (RBI), Open-Source Intelligence Collection (OSINT), Training/Sandboxes, and Containerized Application Streaming (CAS).

November 28, 2022

Cloud4C has achieved Amazon Web Services (AWS) DevOps Competency status.