Hacker-powered security leader brings AWS customers streamlined access to vulnerability discovery and assessment
HackerOne, a leading hacker-powered security platform, announced today that it is making its debut in AWS Marketplace. Amazon Web Services (AWS) customers can now find and purchase services from HackerOne in AWS Marketplace, a curated digital catalog of software, data, and services that run on AWS. HackerOne is one of the first comprehensive security solutions providers to quote and contract services in AWS Marketplace.
Cloud-native organizations and those migrating to the cloud need robust security solutions to ensure their cloud development reduces security risk and identify and remediate new security vulnerabilities before they can be exploited. When operating in the cloud, organizations face new cyber risks, and they need a way to know where these holes are to fix them quickly. HackerOne programs are designed to aid vulnerability discovery and management on AWS. AWS customers can rely on HackerOne solutions and services to discover security risks, vulnerabilities, and misconfigurations faster and remediate priority issues with the right skills and the right team. With services from HackerOne available in AWS Marketplace, customers have a simplified way to purchase software and related services in a centralized place.
“Companies gain unprecedented flexibility and agility when deploying applications and data on the cloud,” said HackerOne CEO Marten Mickos. “Exposure to cyber threats also changes. Only an outside-in view can reveal the potential vulnerabilities that must be fixed to prevent data breaches. For years, HackerOne has provided such services to the world’s leading cloud-native companies, preventing breaches by resolving tens of thousands of weaknesses. Building upon our relationship with AWS, we are delighted to extend our application security services in an easily consumable format to all who migrate to or are born on the cloud. We hack for good — for the good of digital assets on the cloud.”
Armed with the largest, most robust database of valid vulnerabilities, including insights into Improper Access Control, Information Disclosure and Server-Side Request Forgery, the three most severe and common for applications hosted on AWS, HackerOne offers agile solutions optimized for the cloud. The full breadth of these vulnerability assessment solutions will be available in AWS Marketplace.
An industry best practice, vulnerability disclosure programs guide hackers to submit findings through the proper channels. With HackerOne Response, customers can integrate vulnerability findings seamlessly into software development with the confidence that submissions are received quickly and consistently and integrate with existing security workflows for faster remediation.
Also added to the AWS Marketplace is HackerOne Pentest. With Pentest running on AWS, customers gain visibility into cloud-specific threats across cloud APIs, IAM risks, serverless deployments, DNS management, Amazon Simple Storage Service (Amazon S3), and more. With real-time platform access to program analytics including response targets, submissions, spend, and more, HackerOne Pentests help customers get beyond the traditional pentest model and deliver compliance-ready reports to satisfy SOC 2 Type II, ISO 27001, and more while reducing risk.
The HackerOne community carries deep knowledge within cloud security, and the hacker perspective provides a new view on what services may be exploited and how adversaries target cloud infrastructure. With HackerOne Bounty, now listed in AWS Marketplace, customers can leverage the world’s largest community of ethical hackers to secure applications with continuous testing. Specialized, trusted, and diverse, HackerOne hackers are incentivized by monetary rewards to find vulnerabilities and submit reports on their security findings for verification and remediation. This unstructured testing methodology mimics actual attack attempts that adversaries use to exploit vulnerabilities, providing a level of scale, speed, and human intelligence that traditional testing models lack.