What use cases can Gateway address?
Use Gateway when you want:
To extend the testable attack surface - Bring in assets that hackers could not otherwise reach, e.g. assets behind a firewall.
To have traffic originate from known IP addresses - Either because you need to allowlist the IPs or simply need to know which IPs are in use. Gateway lets you allowlist a small, fixed set of dedicated egress IPs once, before inviting hackers; no updates are needed as hackers join or leave the program.
Self-service control of hacker access - Pause or resume hacker access on a per-program or per-hacker basis.
Access to analytics dashboards - to view program coverage, engagement, and ROI insights:
Engagement analytics, so strategy decisions are backed by data
Coverage analytics, showing which in-scope assets hackers are actually exercising
Increased hacker engagement, since hackers can use the same analytical insights to focus their efforts
Hacker traffic logs - for proof of testing, an audit trail, or as input to your own AI/ML projects.
Where can I find the public docs for the Gateway Product?
Can certain restrictions, such as geo-location, be applied through Gateway?
Gateway can restrict access based on a hacker's geographic location. Such restrictions can be applied and removed at any time.
What steps were taken to make sure Gateway is secure and only accessible to authorized hackers?
We tested the following during development:
Only invited and authorized hackers can connect to a program's Gateway. The access list syncs in real time with the HackerOne platform, so you can add, delete, pause, and resume access in seconds.
Hackers blocked via the in-platform control switch cannot reach the selected program or assets.
Program admins and triagers can also be granted Gateway access for testing purposes.
What IP addresses do I have to allowlist to enable access for Gateway?
It depends on the program's requirements. Not all Gateway programs require allowlisting IPs. Where they do, the IP addresses to allowlist are shown within the platform once the program is live. Note that an allowlisted source IP identifies traffic as having come through Gateway; it does not by itself identify which hacker sent it, which is what the traffic logs are for.
What's captured, logged, and available for access by Gateway?
The information available to download/set up real-time sync can be found here.
Does Gateway log each keystroke?
No. Gateway uses a split-tunnel connection: only traffic destined for in-scope assets is routed through Gateway, and only that traffic is logged. Keystrokes and other activity on the hacker's machine never traverse the tunnel and are not captured.
How can the data captured by Gateway be accessed?
Analytics dashboards. Dashboards are viewed within the HackerOne platform, and exporting their data is self-service: all dashboard tiles can be exported in one download as a single PDF, and an individual tile can be exported in several formats, such as CSV.
Single-date traffic log download. You can download one date's hacker traffic as a single NDJSON file (one JSON object per line) using the self-service function within the platform.
Near-real-time traffic log push. Pushing near-real-time logs to your own cloud storage is currently available upon request.
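The single-date NDJSON export is the artifact you would hand to an auditor as proof of testing. The script below is an added example, not HackerOne's code, showing how to turn one such file into an audit summary: it parses the file line by line (so one malformed line is reported rather than aborting the run), builds a per-hacker record of request counts, hosts, distinct endpoints and active time window, and flags any event whose source address falls outside the egress ranges you allowlisted. The field names (ts, hacker, src_ip, method, host, path, status), the sample lines and the 203.0.113.0/24 egress range are all constructed assumptions for this example; substitute the schema and IPs shown in the platform.

```python
"""Summarise a Gateway single-date NDJSON traffic export for proof of testing.

Added example, not HackerOne code. The field names below are assumptions.
"""
import ipaddress
import json
from collections import defaultdict
from datetime import datetime

# Constructed sample export (five lines, one deliberately malformed).
# Field names are an ASSUMPTION for this example: ts, hacker, src_ip,
# method, host, path, status. Use the schema documented in the platform.
SAMPLE_NDJSON = """\
{"ts": "2024-05-01T09:00:12Z", "hacker": "alice", "src_ip": "203.0.113.10", "method": "GET", "host": "api.example.test", "path": "/v1/users", "status": 200}
{"ts": "2024-05-01T09:00:15Z", "hacker": "alice", "src_ip": "203.0.113.10", "method": "POST", "host": "api.example.test", "path": "/v1/login", "status": 401}
this line is not JSON and must be reported rather than abort the run
{"ts": "2024-05-01T09:05:40Z", "hacker": "bob", "src_ip": "203.0.113.11", "method": "GET", "host": "app.example.test", "path": "/admin", "status": 403}
{"ts": "2024-05-01T09:07:02Z", "hacker": "bob", "src_ip": "198.51.100.7", "method": "GET", "host": "app.example.test", "path": "/", "status": 200}
"""

# Dedicated Gateway egress ranges you allowlisted on the firewall.
# 203.0.113.0/24 is a documentation range used here as a placeholder.
ALLOWLISTED_EGRESS = [ipaddress.ip_network("203.0.113.0/24")]


def parse_ndjson(text):
    """Return (events, bad_line_numbers). NDJSON is one JSON object per
    line, so a malformed line is isolated and reported, not fatal."""
    events, bad = [], []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        try:
            events.append((n, json.loads(line)))
        except json.JSONDecodeError:
            bad.append(n)
    return events, bad


def from_gateway(ip):
    """True if ip lies inside one of the allowlisted egress ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWLISTED_EGRESS)


def summarize(text):
    """Per-hacker activity summary plus two audit findings: unparseable
    lines and events whose source address is outside the allowlist."""
    events, bad = parse_ndjson(text)
    per_hacker = defaultdict(lambda: {"requests": 0, "hosts": set(),
                                      "endpoints": set(), "first": None,
                                      "last": None})
    unexpected_src = []
    for n, ev in events:
        s = per_hacker[ev["hacker"]]
        s["requests"] += 1
        s["hosts"].add(ev["host"])
        s["endpoints"].add(f'{ev["method"]} {ev["host"]}{ev["path"]}')
        ts = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        if s["first"] is None or ts < s["first"]:
            s["first"] = ts
        if s["last"] is None or ts > s["last"]:
            s["last"] = ts
        if not from_gateway(ev["src_ip"]):
            unexpected_src.append((n, ev["src_ip"]))
    return {"hackers": dict(per_hacker), "bad_lines": bad,
            "unexpected_src": unexpected_src}


def report(summary):
    """Render the summary as plain text lines suitable for an audit record."""
    lines = []
    for name, s in sorted(summary["hackers"].items()):
        lines.append(f"{name}: {s['requests']} requests, "
                     f"{len(s['hosts'])} host(s), "
                     f"{len(s['endpoints'])} distinct endpoint(s), "
                     f"{s['first'].isoformat()} .. {s['last'].isoformat()}")
    for n in summary["bad_lines"]:
        lines.append(f"WARNING: line {n} is not valid JSON")
    for n, ip in summary["unexpected_src"]:
        lines.append(f"WARNING: line {n} source {ip} is outside the allowlisted egress ranges")
    return lines


if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE_NDJSON))))
```

Run it on a real export by replacing SAMPLE_NDJSON with the file contents. The source-address check is a cheap drift detector: if it ever fires on a genuine Gateway export, the allowlist on your firewall no longer matches the egress IPs published in the platform and some hacker traffic is probably being dropped before it reaches the asset.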
How do I revoke access for a specific hacker on my program?
Go to Program settings > Gateway > Overview.
For individual users: click the kebab menu (three vertical dots) to the right of a user's name to pause or resume access.
For multiple users: use the checkboxes to select the users whose access you want to manage, then click Pause access or Resume access to block or unblock them. Blocked users are listed under the Blocked tab at the top.