
We hack your software

zero false positives

Expert intelligence + effective automation

Continuous Hacking

The Continuous Hacking service aims to detect and report all vulnerabilities and security issues throughout the entire software development cycle. Because we participate during the whole development period, we detect security issues continuously as the software evolves. The rigorous inspection carried out by our team allows us to detect all security issues with no false positives and to verify that issues were properly repaired before the system goes into production.

Ethical hacking can start before there is a working environment

Ethical Hacking can start alongside code development, even before a first application version is released. There is no need to have a working environment in order to start hacking, since we are able to analyze the source code published in the project's Git repository.


Hacking techniques

  • Integral continuous hacking combines application and infrastructure ethical hacking with source code analysis. To perform integral continuous hacking, access to both the Git repository and the integration environment is required.

  • In limited continuous ethical hacking the customer chooses between application ethical hacking and source code analysis. To perform limited continuous hacking, access to either the Git repository or the integration environment is required.

Healthcheck

When a new continuous ethical hacking subscription starts, a healthcheck is necessary if there is pre-existing code. This means we attack all versions of the existing code up to the subscription start point, in addition to the monthly test limit, so as to catch up with the development team within the first 3 subscription months. After that we continue hacking in parallel with ongoing development. The healthcheck carries additional fees.


Severity

Customers decide which security requirements will be tested in each Ethical Hacking (Profiling) through our Rules product.

Customers know the exact severity of each hacking, covering both inspected and non-inspected profiled requirements.

Duration

The minimum subscription time for continuous ethical hacking is one year.


Attack Cycles

During the subscription period the selected system is attacked multiple times so that every version generated during the development phase is tested. The hacking team keeps attacking the system even when its functionalities were already attacked in a previous version.

Direct and agile communication

All project communication is done through Integrates; customers can use chat and comments for any question about the project or a finding.


Hacking environments

The basic service allows customers to choose a single environment from production, testing or integration. Customers can also add further testing environments for validation at an additional charge.

Highly trained hacking team

Our hackers hold practical certifications and have academic backgrounds related to security testing. They perform manual testing and use tools to guarantee that our reports cover insecure programming practices, alignment with standards and security regulations, and findings with specific business impact. This enables us to detect zero-day findings with no false positive reports.


Exploitation

As long as we have access to your deployed applications and we have authorized your use of our exploitation engine, Asserts, you may reproduce a mock attack that targets a vulnerability in order to determine independently whether you have eliminated it.

Critical information extraction

Whenever findings indicate the need to obtain information, information extraction is performed to maximize the impact of the finding without compromising sensitive information. Example.


Follow up using Integrates

During project execution customers can use Integrates to access general information about each finding, check its remediation status, classify it by age, visualize real-time project statistics and progress, and use other functionalities.

Remediation validation

Multiple finding validation cycles are performed during the subscription period to ensure findings have been properly repaired. We can check whether a finding has been successfully closed as many times as a customer asks us to. To perform this remediation validation, the customer must first define the treatment used to remediate the vulnerability and then request a finding validation through Integrates.


Remediation support

During the project, customers can request clarification on any issue by directly contacting our hackers through Integrates.

Customers can use our detailed remediation guides via Defends.

Generate technical and executive reports from Integrates

The Technical Report provides detailed information on all security vulnerabilities and gives technical personnel a road map for a technical remediation plan. The Executive Report is an information tool for all of a project's stakeholders. It includes an in-depth analysis of the findings and a projected business impact statement, as well as a summary of the project scope, the methodology used, conclusions and recommendations.


Information gets deleted securely

7 days after a customer approves their final report, all information gathered during Ethical Hacking is securely deleted from all of our systems.

  • To see the differences between our services and those of other providers, take a look at our differentiators here.

  • To see the differences between our One-shot hacking and Continuous hacking, take a look at our comparison here.
