“Companies gain flexibility and agility when deploying applications and data on the cloud,” said HackerOne CEO Marten Mickos. “Exposure to cyber threats also changes. Only an outside-in view can reveal the potential vulnerabilities that must be fixed to prevent data breaches. For years, HackerOne has provided such services to the world’s leading cloud-native companies, preventing breaches by resolving tens of thousands of weaknesses. Building upon our relationship with AWS, we are delighted to extend our application security services in an easily consumable format to all who migrate to or are born on the cloud. We hack for good — for the good of digital assets on the cloud.”
With a robust database of valid vulnerabilities, including insights into Improper Access Control, Information Disclosure and Server-Side Request Forgery, the three most severe and common for applications hosted on AWS, HackerOne offers agile solutions optimised for the cloud. The full breadth of these vulnerability assessment solutions will be available in AWS Marketplace.
An industry best practice, vulnerability disclosure programs guide hackers to submit findings through the proper channels. With HackerOne Response, customers can integrate vulnerability findings seamlessly into software development with the confidence that submissions are received quickly and consistently and integrate with existing security workflows for faster remediation.
Also added to the AWS Marketplace is HackerOne Pentest. With Pentest running on AWS, customers gain visibility into cloud-specific threats across cloud APIs, IAM risks, serverless deployments, DNS management, Amazon Simple Storage Service (Amazon S3), and more. With real-time platform access to program analytics including response targets, submissions, spend, and more, HackerOne Pentests help customers get beyond the traditional pentest model and deliver compliance-ready reports to satisfy SOC 2 Type II, ISO 27001, and more while reducing risk.
The HackerOne community carries deep knowledge within cloud security, and the hacker perspective provides a new view on what services may be exploited and how adversaries target cloud infrastructure. With HackerOne Bounty, now listed in AWS Marketplace, customers can leverage the world’s largest community of ethical hackers to secure applications with continuous testing. Specialized, trusted, and diverse, HackerOne hackers are incentivized by monetary rewards to find vulnerabilities and submit reports on their security findings for verification and remediation.
Read the latest edition of PCR’s monthly magazine below: