A better pentesting solution for enterprises with the participation of over 500 security experts from the WhiteHub community
With the same investment budget, WhiteHub discovers 7 times more critical vulnerabilities compared to traditional pentesting services.
Enterprises only need to pay for the vulnerabilities that affect the systems and products directly instead of hiring security experts by the hour.
Hundreds of security experts with different perspectives participate in the pentesting process, ensuring a total coverage of all issues within the enterprise’s products.
|Criteria||Traditional pentesting services||WhiteHub Pentest|
|Human resources||Expertise||Pentesters||Pentesters, White-hat hackers, security researchers and experts with different skillsets|
|Number of participants|
|Number of participants||1 – 5||Up to hundreds of experts, depending on the need, budget and scope of the business|
|Skills||Incomplete skillset||Complete pentesting skillset|
|Participant selection||Not available||Participants are selected by CyStack basing on their skills and experience on WhiteHub.|
|Implementation||Time||Office hours||Starts immediately and operates 24/7|
|Method||Based on predetermined standards and checklists||Combining standards and checklists with individual researchers’ creativity and experience|
|Coverage||Limited||Diverse perspectives of hundreds of researchers allow for total coverage of all vulnerable points in the product|
|Developer-Pentester communication||Once every 2 - 3 weeks depending on the service provider||Continuous communication available through WhiteHub|
|Results||Reporting||Reports provided periodically (monthly, quarterly, annually)||Reports (summarized or detailed) are continuously updated and easily exported at any time|
|Quality of results|
|Quality of results||
Focus on completing checklists (OWASP for instance) instead of practical issues; cannot replicate how a real life cyberattack work
Focus on critical vulnerabilities that directly affect customers’ systems and simulate the vulnerability exploitation process
|Vulnerability rating||Subjective, determined by the service provider||Compliant with VRT and CVSS Rating; customer rating also considered|
|Fixing||Subjective, determined by the service provider||Compliant with VRT and CVSS Rating; customer rating also considered|
|Support||Fixing||Basic support||Comprehensive and quick solutions provided by researchers and CyStack|
|Re-Testing||Can incur additional costs depending on the service provider||Free re-testing until the issues are resolved|