HackerOne Named a Leader in Penetration Testing as a Service (PTaaS) GigaOm Radar Report

The report provides a technical analysis of the key PTaaS vendor options available in the market. A select group of seven vendors were invited to participate in this analysis. HackerOne is positioned as a ‘Leader’ in the report and plotted closest to the ‘Platform Play’ section of the report’s key figure (see below). GigaOm rates HackerOne’s crowdsourced community of pentesters, and the platform’s integrations with SDLC tools, as exceptional. We invite you to access the full GigaOm Penetration Testing as a Service Radar report.

PTaaS Is a Revolution in Penetration Testing

Penetration testing is one of the most valuable risk reduction methods available to organizations because it is designed to simulate an external attack. However, traditional pentesting is performed by firms that often lack the modern efficiencies, platform, and expertise that organizations need to make pentests actionable. It is common to find traditional providers that directly employ or retain a limited number of pentesters, without the diverse expertise your organization needs to test its entire infrastructure or software architecture. This is especially true for modern applications, APIs, mobile, and cloud systems.

Penetration Testing as a Service (PTaaS) has emerged in the past few years to address the shortcomings of traditional pentesting. GigaOm’s Radar Report states that “PTaaS represents the revolution in the pentesting space that was long overdue.” Similar to other SaaS models, PTaaS features a cloud platform that typically ties together other cybersecurity solutions, automated workflows, and a large pool of testers who are assigned to your organization as appropriate for each engagement.

HackerOne Is Positioned to Deliver Impactful and Efficient PTaaS

GigaOm analyst Chris Ray notes, “HackerOne offers high-quality results because of its diverse pentester community, and its aim to improve security operations using business workflows via integrations, the rapid delivery of results, and automation. The maturity of HackerOne’s integration with AWS is unique, and its real-time visibility and direct communication methods will please most clients.”

Additionally, the report recognizes the benefits organizations will receive from HackerOne’s “mature, bi-directional integrations with SDLC tools like Jira, GitHub, GitLab, AzureDevOps, and AWS.” The report also calls out the integration with AWS Security Hub as a “standout feature through which HackerOne demonstrates clear maturity with AWS technologies and will be of great value for organizations that run primarily or exclusively on AWS.”

HackerOne Capabilities by Key Criteria and Evaluation Metrics

GigaOm evaluated PTaaS vendors on six key criteria that provide differentiating value to customers. HackerOne received Exceptional ratings (the highest score) for the robustness of its SDLC integrations and the strength of HackerOne’s crowdsourced community of pentesters. The capabilities of our HackerOne Pentest offering across these criteria are as follows:

Key Criteria

  • Crowdsourced Pentesting: Our elite group of pentesters is drawn from our community of over 1.5 million ethical hackers. All pentesters are vetted and background checked, with a minimum of three years of pentesting experience, and the majority having over five years. Our community of pentesters brings a diverse set of skills to test cloud platforms, web, mobile, APIs, and external networks.
  • Integration with SDLC Technologies: Over twenty bi-directional integrations with leading SDLC tools such as JIRA, GitHub, and GitLab. GigaOm identifies the “unique” maturity of our AWS Security Hub integration in the PTaaS space.
  • Agile Pentesting Methods: Our PTaaS solution is designed to reduce the logistical overhead and lag that are typical of traditional pentesting engagements. Onboarding and scoping processes are self-service, allowing development teams to quickly set up new engagements. By leveraging our large community of testers, HackerOne is able to quickly identify and match pentesters with the appropriate skill sets to test given assets and technology types.
  • Enhanced Communications: HackerOne provides a direct line of communication to testers via in-platform communications and Slack integration. This reduces remediation times, allowing your developers to easily get more information about the scope and impact of vulnerabilities, and a retesting feature confirms the effectiveness of remediation. HackerOne Technical Engagement Managers are assigned to each pentesting engagement to help orchestrate and manage the testing process.
  • Automated Workflows: Launching, managing, and reviewing your pentests happens on the HackerOne platform. GigaOm identifies our solution as “highly automated.” The platform allows customers to set up tests and monitor progress across the entire testing lifecycle, from scoping through remediation and retesting.
  • Built-in Vulnerability Scanners: We have made an explicit choice not to include vulnerability scanners. Many organizations already use best-in-class vulnerability scanners. We instead choose to focus on our core competency of creating efficiencies for testing that relies on the expertise and ingenuity of human testers.

Evaluation Metrics

The GigaOm Radar report also outlines five evaluation metrics to help organizations understand the positive impact a PTaaS vendor can provide. The capabilities of our HackerOne Pentest offering across these metrics are as follows:

  • Risk Reduction: HackerOne’s PTaaS service is one component of our Attack Resistance Management platform, which combines PTaaS with continuous testing and attack surface management. Our pentesters find meaningful vulnerabilities that only experienced, human-led testing can uncover. Nearly one-fifth of the vulnerabilities found in our pentests are of “high” or “critical” severity. Compare this to traditional pentester findings, which often have no high or critical findings.
  • Solution Ecosystem: Our penetration testing service delivers vulnerability findings and reports directly in your development team’s existing SDLC workflows and tooling. We primarily sell directly to our customers today but are working on expanding our sales channels.
  • Flexibility: Flexible pricing and packaging allow organizations to scope for multiple tests throughout the year and then adjust as needed when plans or priorities change, with the ability to add more hours of testing throughout the subscription period. The platform tracks total hours and usage. Customers can also clone tests and add custom names to tests. We offer a variety of testing sizes, methodologies, and black box and gray box pentesting approaches.
  • Feature Set: Our productized Scoping Form and Self-Setup give enterprises the control to scope, set preferences, and request to launch pentests according to their dates and deadlines. The Pentest Table gives enterprises a bird’s-eye view of all their pentests in their various phases in one place, along with the next actions needed to move them forward. In-product methodologies (web, iOS, Android, AWS, APIs, etc.) keep pentesters focused on coverage and provide asset-specific assurances to better support audit and compliance needs.
  • Speed: HackerOne’s PTaaS service is focused on delivering pentests efficiently and quickly, allowing your organization to leverage pentests as a regular part of your SDLC and build resistance to attacks. We can launch a test in as little as seven days, with most customers launching in ten days on average.


Beyond the technical benefits, HackerOne’s Attack Resistance Management platform provides strategic benefits by combining PTaaS capabilities with continuous testing and attack surface management delivered through a SaaS platform, and by leveraging the strength of the HackerOne community of ethical hackers.

To learn more about the Pentesting as a Service market, read the full GigaOm Radar report.

Author: Sean Ryan
Date: 2023-01-18 12:00:00
