HackerOne Announces Hacker-Powered Cloud Security Capabilities for AWS Customers 


Today HackerOne announced new capabilities for AWS customers looking to improve security in their cloud applications. These include vulnerability pentests specific to AWS environments, an AWS Security Hub integration for fast, effective security actions, and highly-skilled, ethical hackers with AWS Security Specialty certified training. AWS customers can now identify and fix vulnerabilities quickly, develop a better understanding of their cloud application security profile, and access the expertise of AWS Certified hackers.

Improved Cloud Application Security for Your Organization

Protect Your AWS Environment with Targeted Pentesting

As part of the HackerOne Assessment offering, the new HackerOne Assessments: Application Pentest for AWS explicitly tailored for AWS-deployed applications. The pentest discovers risks specific to an organization’s AWS environment following a methodology using top HackerOne platform cloud vulnerabilities. This helps AWS customers prevent data leaks, subdomain takeovers, unauthorized access to applications, and more. Figure 1 below shows the checklist in HackerOne that specifies AWS-specific methodology parameters.

Figure 1: Checklist showing HackerOne Assessments: Application for Pentest for AWS methodology parameters

By combining an SaaS platform with a community of skilled, background-verified testers, teams can quickly start their pentests, gain insights to remediate risk faster, and mature their security programs. 

HackerOne Integrated with AWS Security Hub 

The new AWS Security Hub integration exchanges vulnerability findings between HackerOne and Security Hub, streamlining workflows to accelerate security actions. By consolidating and routing vulnerability intelligence from HackerOne to AWS Security Hub, the integration delivers greater visibility into crucial gaps that could lead to a cyberattack.

AWS customers can sync all HackerOne vulnerability findings and use AWS Security Hub as the single console for management and prioritization. They can also compare AWS Security Hub findings with those found by the HackerOne community to see duplicates, understand status, and plan remediation, as shown in Figure 2 below.

H1 to SH
Figure 2: HackerOne findings in AWS Security Hub console

With consolidated vulnerability reports, unified findings for more informed responses, and faster time to remediation, AWS customers can improve application security. HackerOne’s AWS Security Hub integration means severe vulnerabilities are routed to the right people at the right time to increase security team efficiencies, improve reporting, and reduce application exploitation. 

A HackerOne Community of AWS Certified Security Specialty Hackers

Your organization can work with highly skilled certified experts with specialized, proven expertise in vulnerabilities specific to your AWS cloud environment. You will extend your attack surface coverage and be able to address vulnerabilities from multiple threat angles, including cloud misconfigurations, unauthorized access, and data exposure. Instead of switching pentest vendors to find diverse testing expertise, you find it all in this talented community of certified hackers. Figure 3 below shows the official certification seal of a HackerOne AWS Certified Cloud Practitioner.

AWS badges
Figure 3: HackerOne hacker Trevor Shingles (sowhatsec) with his AWS Cloud Practitioner certification

Organizations using AWS can now better protect their AWS environments against risk and attacks with highly skilled and certified hacker-powered security, more streamlined team workflows, and comprehensive and rapid vulnerability discovery and reporting.

If you’re a hacker interested in becoming a HackerOne Pentester, you can apply here to join our community. Perform pentests together with a team of other talented security research experts and grow your resume and expertise with opportunities like AWS Certification scholarships. Let us know what additional certifications you’d like to see offered to the hacker community! Everyone is welcome to join the Hacker101 community to learn alongside other hackers and further your bug bounty and cybersecurity skill sets. 

How HackerOne Makes Your AWS Cloud Applications Safer

HackerOne’s all-in-one continuous security testing platform directly addresses the needs of organizations using AWS solutions. AWS customers now have access to highly-skilled, AWS Certified hackers, AWS-specific pentests, and hacker-powered vulnerability insights to make their cloud applications less exploitable. Learn how to mitigate risk faster and improve your security profile here.



Source link