Ethiack Blog

Ethiack 2.14: Test Internal Assets, CI/CD, SSO, New Reports, and more!

Written by Jorge Monteiro | 07/05/24 10:00

We've been working hard over the last few months to prepare this new version of the Ethiack Portal. It changes everything, and I mean it.

We’ve collected feedback from dozens of people about what our product was missing. And this is the result. Version 2.14 expands what organizations can test, better embeds our Automated Pentester into their workflows, and brings more clarity to their attack surface.

Let me show what changed and how that solidifies our place as the best Automated Pentester on the market.

 

The Beacon: Bring Automated Pentesting to Internal Assets

Until now, we’ve only focused on testing external assets.

But one of the most frequent requests we’ve had was the ability to test what’s hidden from the public eye. We’re talking about internal assets. 

A compromised external asset can set off a chain of events that leads attackers to critical internal assets, which could contain intellectual property, code repositories, or other highly sensitive data.

Allowing the Artificial Hackers to connect to your internal assets through the Beacon will improve your security posture by making sure every edge of your infrastructure is being tested. All of your findings will be added to your Ethiack Portal, too.

You can learn more about how to connect your internal assets in this guide.

And you can test more kinds of assets, too.

 

Test Android Apps

Another addition is Idroid: the new Artificial Hacker for white-box testing of Android apps, developed in partnership with Zezadas. Mobile apps contain specific vulnerabilities that could compromise your users and data, and adding this module ensures a more robust security posture. This Artificial Hacker covers all of the OWASP Mobile Top 10.

 

Use CI/CD to Better Manage Hacking Operations

We’re now supporting integrations with several CI/CD tools: GitHub, GitLab and Jenkins. This means you can integrate Automated Pentesting events in your pipeline, and if a vulnerability is found, your application won’t reach production. You can customize your testing criteria to set a minimum threshold (e.g., CVSS 4) to fail testing.

Learn how to integrate our Automated Pentester with your CI/CD software here.

 

New Reports

You’ll find a new kind of report available in the Portal: Asset Inventories. You can use this report to comply with NIS2 standards.

Want to know more about NIS2? Read one of our articles on it here.

 

SSO

And last but not least, we’ve also added support for SSO via SAML, making your login and account management easier and more secure. 

Read more about how to set it up here.

Time to Explore the New Ethiack

These features were highly requested by you, our community. Right now, here’s what you need to do:

  • Log in to the Portal to explore the new reports and mobile modules.
  • Talk with our Sales team to enable the Beacon and CI/CD integration. They’ll give you more details.
  • In case you’re not yet testing your assets, create an account.

Thank you for using Ethiack and trusting us to keep you safe!