Synack Certify

Crowdsourced Penetration Testing for Compliance


Synack’s offering, Certify: Crowdsourced Penetration Testing, combines augmented intelligence, which harnesses the very best of human and machine intelligence, with compliance checklists, to deliver both real security and compliance on a continuous cadence. Synack’s audit-ready reports can help address timely concerns around compliance including PCI, OWASP, GDPR, HIPAA, SOC 1 & 2, FISMA/NIST 800-53.

Our elite crowd of security researchers conducts targeted testing, while our intelligent vulnerability assessment, SmartScan, provides attack surface coverage. Our researchers conduct rigorous penetration testing over a two-week period while SmartScan runs 365 days a year 24/7 to discover potential vulnerabilities. Managed by our Operations team, we provide detailed vulnerability reports in real time through Synack’s Client Portal.

Our Synack Certify Test is Easy to Deploy

Unlike bug bounty, our Crowdsourced Security Platform offers:

  • Minimal Noise (High Quality Vulnerabilities): Synack has the leading signal-noise ratio of 98% due to the optimal combination of our smart technology platform and our team of elite researchers.
  • Smart Scanning for Attack Surface Coverage: Synack’s hybrid-human software scales better than bug bounty hunters by allowing researchers to focus on complex, exploitable vulnerabilities that other solutions struggle to find. This efficiency gives security teams the ability to prioritize remediation.
  • Metrics That Matter: With the Attacker Resistance Score metric and Coverage Analytics, you get real-time insights into benchmarking against your peers, your progress over time, and a full view of your attack surface. These metrics are more helpful than the number of researchers as they demonstrate your true resistance and rigor of testing.
  • Speed: Rapidly deploy tests and get real-time analytics on testing activity, coverage, and performance.
  • World’s Best Security Talent: 100% vetted with a 5-stage vetting process for skill & trust that goes beyond bug bounty’s ID/background. The Synack Red Team has a 12% acceptance rate.
  • Comprehensive Security (and Compliance): Using our incentive-driven model, get a true adversarial perspective and find critical vulnerabilities that alternatives miss, in addition to achieving compliance.
  • Actionable Results: Receive detailed reports on what vulnerabilities were found—and how to fix them—that you can send directly to auditors or development teams.

Features of Certify

The Crowdsourced Penetration Testing offering includes all of the benefits of Synack Discover and Synack Disclose, including:

Incentive-Driven Vulnerability Discovery—Researchers are awarded bounties for the vulnerabilities they find instead of using a traditional time and materials approach.

Assessment Control—The SRT works through a secure gateway called LaunchPoint, which gives the customer additional controls over testing activity. Synack also offers LaunchPoint+, an additional security offering with Synack-owned endpoints.

Patch Verification—Synack researchers will re-test to verify that a patch is effective and can no longer be exploited.

Real-Time Reporting—The Synack portal provides real-time findings on vulnerabilities found (CVSS score, steps to remediate, evidence), remediation timelines, and patch efficacy.

Vulnerability Triage—The Synack Operations team reproduces, validates, and prioritizes vulnerabilities to make sure your signal-noise ratio is as high as possible.

Program & Researcher Management—SAs and SPMs help you to manage and scope the test from end to end.

Managed Vulnerability Disclosure Program—Synack fully manages the process of vulnerability disclosure with researchers.

Attacker Resistance Score (ARS)—Synack’s Attacker Resistance Score provides a risk score for your web assets.

APIs and Integrations—Synack offers integrations with ServiceNow, Splunk, and Jira.