Crowdsourced Vulnerability Discovery from the World’s Best Ethical Hackers
The unstructured testing methodology of Synack’s Crowdsourced Vulnerability Discovery (CVD) mimics real-life attack methods that are used by criminals to exploit vulnerabilities. Our elite crowd of security researchers, the Synack Red Team (SRT), is unleashed through a secure platform to test all client assets within scope and submit reports on their findings. SRT researchers are incentivized to find critical, high-impact vulnerabilities through a managed bug bounty model (in contrast to a time-and-materials model offered by traditional pen tests). This testing methodology addresses the weaknesses of defense-in-depth strategies that only prevent signature-based attacks.
1. CVD starts with a recon phase powered by Hydra, Synack’s automated reconnaissance and vulnerability scanning tool. Hydra boosts the efficiency of the SRT by delivering all the information a hacker might need to prosecute a target.
2. With intelligent scanning in place, SRT researchers probe defenses via LaunchPoint, Synack’s secure gateway technology. All SRT members conduct their research through LaunchPoint to give customers visibility and oversight over all testing activity. Not only does CVD uncover vulnerabilities, it also provides valuable insights into adversarial attack patterns, guiding customers to direct their defenses to high-risk areas.
3. The Synack Mission Ops team verifies that vulnerabilities submitted by the SRT are valid before a client sees them. This protects time-strapped security teams from wasting manpower on false positives.