HackerOne Incorporates Hackers Into Cybersecurity Workflows

by CISOCONNECT Bureau

HackerOne revealed that a video capture feature has been added to its suite of tools for white hat hackers, making it easier to show how a vulnerability could be exploited.

Simultaneously, the HackerOne platform makes it easier for cybersecurity teams to directly absorb and integrate vulnerability attestation reports with compliance forms, as well as digest hacker-provided remediation guidance.

Lastly, HackerOne has improved its vulnerability insights tools to provide more context, automated workflows, and a combined penetration testing and hacker challenge service.

The new capabilities, according to Michiel Prins, co-founder and head of product at HackerOne, are designed to make it easier for companies to integrate hackers they contract to test their security posture into their workflows. Custom triggers, suggestions, and pattern matching are included in these workflows, as well as bi-directional data and record synchronizations with platforms including GitHub, Jira, ServiceNow, GitLab, and Microsoft Azure DevOps.

Over the last year, HackerOne has seen a 63 percent rise in the number of hackers submitting vulnerabilities, with 38 percent of the hackers who make their services accessible on the platform stating that they have spent more time hacking since the COVID-19 outbreak began. More than a third (34 percent) of hackers said that pandemic-driven digital transformation programmes have resulted in more bugs.

The extra assistance seems to be appreciated by cybersecurity teams. In the wake of the pandemic, half of the HackerOne hackers (50 percent) indicated that attitudes toward hackers are changing for the better, with 34 percent saying that they have won more bounties.

According to Prins, a lot of the research that hackers are asked to do involves cloud services. In fact, on the HackerOne platform, there has been a 310 percent rise in reports of cloud misconfiguration. Cloud security is plagued by misconfigurations, owing to the widespread use of software like Terraform to provision cloud infrastructure.

Unfortunately, several of the developers who use such tools lack an understanding of what it takes to properly configure those services, resulting in open ports, for example. Since cybercriminals know that organisations are unlikely to limit the use of Infrastructure-as-Code (IaC) tools like Terraform, they now routinely use tools that search for such misconfigurations, according to Prins.

Prins believes that a small army of freelance hackers will supplement cybersecurity teams, which are usually understaffed and overworked, at a time when most companies are having difficulty hiring and retaining cybersecurity expertise. The hackers also provide an ‘outside-in’ perspective that cybersecurity teams, especially those with little hands-on hacking experience, often lack.

Of course, not everyone is happy with the concept of paying people with hacking skills to compromise their IT infrastructures. In the wake of the pandemic, however, everybody in IT knows that black hat hackers are now searching for security vulnerabilities across what has now become an incredibly broad enterprise. It’s a race against time to find as many bugs as possible in those environments before a bad actor finds out how to exploit them.
