KUALA LUMPUR, Nov 10 (Bernama) -- YesWeHack has unveiled a powerful Attack Surface Management (ASM) product that enables clients to orchestrate their offensive security and vulnerability remediation strategy through a risk-based approach.

According to YesWeHack in a statement, the new product continuously maps an organisation’s internet-exposed assets, detects their possible exposure to known vulnerabilities, and automatically prioritises those vulnerabilities (based on severity, exploitability and asset criticality).

“A 360-degree cockpit combining unified vulnerability management with external attack surface management enables clients to think like, and therefore thwart, an attacker, spotting and sealing off the weakest, most hackable vectors,” said its chief executive officer and co-founder, Guillaume Vassault-Houlière.

Unlike standalone platforms, YesWeHack’s ASM integrates vulnerabilities from automated scanning (by the ASM) and its Bug Bounty, Pentest Management and Vulnerability Disclosure Policy (VDP) product, creating a one-stop-shop for all vulnerabilities.

Amid tight security budgets, the ASM also automates and harmonises workflows to reduce costs, workloads and time-to-fix. The five operational phases of Gartner’s Continuous Threat Exposure Management (CTEM) model are implemented including scope, discover, prioritise, validate, and mobilise.

This enables a unified, comprehensive and risk-based approach to security testing and remediation of the most critical vulnerabilities at scale. The turnkey-deployable ASM also introduces a design revamp to YesWeHack’s overall platform.

A rapid expansion of attack surfaces, increasingly complex tech stacks and rapid development cycles are fuelling an inexorable rise in vulnerabilities, often present in unknown assets.

Since its founding in 2015, YesWeHack connects organisations worldwide to tens of thousands of ethical hackers, who uncover vulnerabilities in websites, mobile apps and other digital assets.

-- BERNAMA