HackerOne Product Enhancements Help Detect, Remediate, and Analyze Cloud Misconfigurations

The cloud has emerged as the operational backbone of modern enterprises, yet 95 percent of cloud security issues are a direct result of misconfiguration according to Gartner. Today, HackerOne released product enhancements to help global organizations easily scale their security capabilities and mitigate security risks where traditional security tools fall short. 

With a 310% increase in reports for misconfiguration on the HackerOne platform, it’s clear that the burden of keeping your cloud safe requires more than signatures and custom rules. Every activity in the cloud environment drives potential threats, and companies need proactive solutions that go beyond identifying changes to describing the security context and implications of changes.

To help organizations get ahead, we’ve rolled out new product features and enhancements to provide the visibility, context, and on-demand access to skilled security experts required to secure cloud workloads, investigate and respond to vulnerability trends, and answer auditors’ questions all in one place.

These latest developments provide organizations across industries and attack surfaces with access to a suite of tools to: 

1. Secure the design, development, and deployment of applications with:

• HackerOne Assessments: From web applications to mobile apps to APIs to cloud environments to network security, HackerOne Assessments go beyond automated tools and processes. Organizations can determine the scope of the assessment and recruit researchers with specific skills and test the target assets for vulnerabilities following industry-recognized methodologies.

Figure 1: Realtime visibility into a HackerOne Pentest assessment

• HackerOne vulnerability insights: Customers gain a snapshot of risk during a given time, track key areas within vulnerability lifecycles, and benchmark results against past tests and industry peers. 

Figure 2: New HackerOne Program Overview dashboard provides customers a view into vulnerability weakness trends in their programs

2. Accelerate vulnerability discovery, prioritization, and remediation with:

• Advanced workflows: Plan, build, test, manage, and evolve workflows with custom triggers, tailored recommendations, and intelligent pattern matching. HackerOne advanced workflows empower customers to create automated processes that trigger actions based on the criticality of vulnerabilities, along with bi-directional syncs that update data and records between key platforms including Github, Jira, ServiceNow, Microsoft Azure DevOps and the rest of their tech stack, and more.
• Remediation guidance: Access remediation advice for each vulnerability found to aid in understanding and resolving of vulnerability reports. 

3. Bolster program efficiencies with:

• Attestation reports: With the expanded suite of controls in NIST 800-53 Revision 5, organizations are now required to present evidence of a functional vulnerability disclosure process to maintain compliance. Attestation reports make that a single click for your compliance team. Customers can view program metrics with comprehensive reports to uncover mean time to remediation (MTTR), level of vulnerability criticality, and prove compliance. 

Figure 3: A view of comprehensive program metrics in attestation reports

• Embedded submission forms: Enterprise clients will now have the ability to white label their embedded submission forms to seamlessly integrate their Vulnerability Disclosure Program (VDP) into their brand experience. 
• Hacker custom fields: Achieve the flexibility to add additional fields and customize submission forms to collect more information from researchers, including version numbers, browser used, IP address, and more. 
• Hacker communication: Improve hacker communication with video capture capabilities that allow researchers to provide contextual, reproducible steps to help validate vulnerabilities and remediations. For organizations with strict regulatory or privacy requirements, HackerOne Clear provides vetted and background checked researchers.
• Hacker collaboration: Enable multiple hackers to work together on reports, increasing the likelihood of valid submissions in cloud infrastructure, severe findings, and higher bounties for hackers. 

To learn more about getting started with your hacker-powered assessment or continuous security program, visit https://docs.hackerone.com/programs.html. 

To add functionality to an existing program, please contact your program manager.