Attack resistance management provider HackerOne is launching a new initiative, OpenASM, designed to combine scan data from multiple vendors so customers can strengthen penetration testing and bounty efforts.
According to the company, this can also help ethical hackers enrich, risk rank and prioritize assets.
HackerOne Assets, a new attack resistance management (ASM) product, is the foundation of the initiative, with an integration into the HackerOne Platform. Scan data from many other ASM products can be imported into the asset database at the core of the HackerOne Platform.
According to HackerOne, OpenASM will initially support Assetnote, Darktrace (Cybersprint), Hadrian, Palo Alto Cortex Xpanse, and ProjectDiscovery. OpenASM will also support CSV and JSON import for customers with homegrown attack surface inventory tools.
The company is also working with its partner, SecurityScorecard, on the supply chain attack surface, according to HackerOne’s press release.
HackerOne says the initiative is backed by research on the existence of an attack resistance gap between what organizations can protect and what they need to protect. According to the company’s research, one-third of organizations monitor less than 75% of their attack surface, and nearly 20% believe that over half of their attack surface is unknown or not observable.
The company says OpenASM reduces the likelihood of missing critical issues by eliminating the need for manual or outmoded asset inventory and by automating the definition of testing scope.
“OpenASM increases the value of customers’ established ASM tools,” explained Ashish Warty, senior vice president of engineering at HackerOne, in a statement. “Our customers often use more than one ASM vendor and need to unify the data from those vendors to expand the scope for penetration tests, security assessments, and bug bounties. Ethical hackers can then enrich and triage the attack surface data, freeing up internal resources and giving organizations a better picture of their risk.”
OpenASM and other new products will be showcased at the RSA conference at HackerOne’s booth #6729.