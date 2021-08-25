HackerOne introduced new penetration testing initiatives for AWS that include both a service and certification opportunities for ethical hackers.

On Wednesday, the vulnerability reporting and bug bounty vendor announced it will sponsor members of its vetted pen tester community to earn existing AWS certifications. The community consists of ethical hackers who, in exchange for monetary awards, report findings to HackerOne, which are then added to a vulnerability database. That database, which documents thousands of vulnerabilities, is used by organizations in several sectors to assess and mitigate risk.

Preselected participants can choose from three AWS certifications: Cloud Practitioner, Architect Solutions - Associate level, and Security - Specialty. Pen testers can achieve at least two of the offered certifications in "cohort-driven" educational activities, according to HackerOne's announcement, and will receive scholarship funds equal to the exam costs. HackerOne Founder and CTO Alex Rice told SearchSecurity these certifications will improve the effectiveness of HackerOne pen testers working with AWS customers and expand their skill sets.

Rice said HackerOne preselects and vets its members for every pen testing engagement, and this program is no different. Candidates of its existing pen test community were selected for this AWS certifications path.

"This, ultimately, means we now have a dedicated pool of pen testers with AWS certifications to select from our customers that also use AWS," Rice wrote in an email to SearchSecurity.

In tandem with that goal, HackerOne's new Application Pentest for AWS is tailored specifically for applications deployed in AWS. The service is designed to discover risks specific to an organization's AWS environment using top cloud vulnerabilities found on its platform to help "prevent data leaks, subdomain takeovers, unauthorized access to applications and more," according to HackerOne. With the new service, the company hopes to expand effectiveness in quickly identifying AWS application vulnerabilities.

The certification paths and pen testing services are the latest additions to HackerOne's existing relationship with AWS. The cloud computing giant launched a bug bounty and vulnerability reporting program with HackerOne in April 2020.

In addition to the pen testing initiatives, HackerOne announced its platform is now integrated with AWS Security Hub, a management service for customers that automates best practices and remediations. The integration is designed to create a unified system where vulnerability remediation times are shortened and bug reports and threat intelligence are routed more quickly to AWS, improving visibility for customers.