The Next generation of Penetration testing
A better pentesting solution for enterprises with the participation of over 1500 security experts from the WhiteHub community
Effectiveness
With the same investment budget, WhiteHub discovers 7 times more critical vulnerabilities compared to traditional pentesting services.
ROI optimization
Enterprises only need to pay for the vulnerabilities that affect the systems and products directly instead of hiring security experts by the hour.
Coverage
Hundreds of security experts with different perspectives participate in the pentesting process, ensuring a total coverage of all issues within the enterprise’s products.
WhiteHub Pentest VS Traditional pentesting services
| Criteria | Traditional pentesting services | WhiteHub Pentest | |
|---|---|---|---|
| Expertise | |||
| Human resources | Expertise | Pentesters | Pentesters, White-hat hackers, security researchers and experts with different skillsets |
| Number of participants | |||
| Number of participants | 1 – 5 | Up to hundreds of experts, depending on the need, budget and scope of the business | |
| Skills | |||
| Skills | Incomplete skillset | Complete pentesting skillset | |
| Participant selection | |||
| Participant selection | Not available | Participants are selected by CyStack basing on their skills and experience on WhiteHub. | |
| Time | |||
| Implementation | Time | Office hours | Starts immediately and operates 24/7 |
| Method | |||
| Method | Based on predetermined standards and checklists | Combining standards and checklists with individual researchers’ creativity and experience | |
| Coverage | |||
| Coverage | Limited | Diverse perspectives of hundreds of researchers allow for total coverage of all vulnerable points in the product | |
| Developer-Pentester communication | |||
| Developer-Pentester communication | Once every 2 - 3 weeks depending on the service provider | Continuous communication available through WhiteHub | |
| Reporting | |||
| Results | Reporting | Reports provided periodically (monthly, quarterly, annually) | Reports (summarized or detailed) are continuously updated and easily exported at any time |
| Quality of results | |||
| Quality of results |
Low severity
Focus on completing checklists (OWASP for instance) instead of practical issues; cannot replicate how a real life cyberattack work |
Critical severity
Focus on critical vulnerabilities that directly affect customers’ systems and simulate the vulnerability exploitation process | |
| Vulnerability rating | |||
| Vulnerability rating | Subjective, determined by the service provider | Compliant with VRT and CVSS Rating; customer rating also considered | |
| Fixing | |||
| Fixing | Subjective, determined by the service provider | Compliant with VRT and CVSS Rating; customer rating also considered | |
| Fixing | |||
| Support | Fixing | Basic support | Comprehensive and quick solutions provided by researchers and CyStack |
| Re-Testing | |||
| Re-Testing | Can incur additional costs depending on the service provider | Free re-testing until the issues are resolved | |
Featured Case Study
VNTRIP OTA
After 2 months of using WhiteHub, over 50 critical vulnerabilities have been discovered on VNTRIP’s system, saving the company from potential serious breaches.
Learn more