What use cases can Gateway address?
Use Gateway when you want:
To increase attack surface - Include assets that may otherwise not be reached, e.g. firewalled.
To have traffic originate from known IP addresses - Either because you need to whitelist IPs or need to know which IPs are in use. Gateway lets you complete a one-time whitelist of a limited number of dedicated egress IPs before inviting Hackers; no updates are required as additional Hackers are invited to or leave the program.
Self-service control of hacker access - Ability to control hacker program access on a per-program or per-hacker basis.
Access to analytics dashboards - to view program coverage, engagement, and ROI insights:
Engagement analytics, to make strategy decisions backed by data
Coverage analytics, to make strategy decisions backed by data
Increased hacker engagement, since hackers can focus their hacking efforts using the same analytical insights
Hacker traffic logs - to enable proof of testing, provide an audit trail, or enable access to data for your own AI/ML projects.
Where can I find the public docs for the Gateway Product?
Can certain restrictions, such as geo-location, be applied through Gateway?
Gateway can geo-restrict based on location for the hackers. Such restrictions can be applied and removed at any time.
What testing was done to ensure that Gateway is secure and that only authorized and approved hackers can access it?
We tested the following during development:
Only invited and authorized hackers can connect to the Gateway program that syncs in real time with our core system. The adding, deleting, pausing, and resuming of access happens in a matter of seconds.
Hackers blocked via the in-platform control switch function cannot access the program/assets selected.
Program admins and triagers can have Gateway access for testing purposes.
What IP addresses do I have to allowlist to enable access for Gateway?
This depends on the program requirements. Not all Gateway programs will require allowlisting IPs.
IP addresses that should be allowlisted are available within the platform once the program is live.
What's captured, logged, and available for access by Gateway?
The information available to download/set up real-time sync can be found here.
Does Gateway log each keystroke?
No, Gateway uses split tunnel technology, which doesn't log keystrokes. The only logged information is the traffic generated by a hacker’s activities on in-scope assets.
How can the data captured by Gateway be accessed?
Analytics dashboards can be viewed within the HackerOne platform. Exporting the data within the dashboards is self-service: all dashboard tiles can be exported together into a single PDF file, and an individual dashboard tile can be exported in multiple formats, such as CSV.
Single-date traffic log download. You can download a single date's hacking traffic as one NDJSON file using the self-service function within our platform.
Near-real-time traffic log push. Having near-real-time logs pushed to your cloud storage is currently available upon request.
How do I revoke access for a specific hacker on my program?
Access to a Gateway program can be changed at any time in-platform, either by blocking access to the program for all Hackers or for specific Hackers. This is self-service functionality.
Instructions to limit hacker access can be found here.