Using Synack Crowdsourced Penetration Testing for Compliance
Compliance ≠ Security...
But it is necessary
Why compromise between the two? With Synack’s Crowdsourced Penetration Testing, you can authorize creative vulnerability discovery and compliance checklist completion under a single test.
Advance your security program with:
Checkbox-style testing reports
Creative vulnerability hunting
On-Demand testing that’s not dependent on a consultant’s schedule
No Compromise
How Does It Work?
As a complement to Vulnerability Discovery, Synack provides lists of specific security checks (based on OWASP and suitable for PCI) based on your compliance needs.
All checks are performed by Synack Red Team (SRT) researchers who document their activities AND any vulnerabilities they find along the way. Researchers will provide documentation in a management consulting-style report.
Synack compensates researchers via bug bounty payments for each security check successfully completed and any valid vulnerabilities found.
Testing results are visible to you in real-time and available to view in a final report.
What do compliance check results look like?
Each check will include an audit-friendly description of the weakness checked for, the results in text and images, and a clear statement of the results.
Figure 1. A sample Synack CPT check for compliance.
Your final report will consist of dozens of sample checks and results.
The list of checks to perform can be Basic (OWASP) or Premium (PCI).
Contact your Synack representative to learn more.
