Tool will find security vulnerabilities within all kinds of applications including web app, mobile app, network, and source code, giving companies a streamlined view of their organizations’ security posture
In light of increasing security threats that several product companies face, Ola, India’s leading transportation platform has launched ‘Jackhammer’, a first-of-its-kind comprehensive vulnerability analysis and management tool for technology companies. Built in-house, Jackhammer finds security vulnerabilities in the target application (website, mobile app, network, source code and blogs) and it helps security teams to manage complex continuous integration and multiple deployments required for secure product development. Moreover, the application also has a customized dashboard that presents a consolidated set of vulnerable applications and helps the organization identify top vulnerabilities conveniently and work towards aligning efforts to address those vulnerabilities.
According to a recent report by VMware, nearly 80% of the product companies experience increased cyber attacks and security vulnerabilities for their products. While some product companies have tried to address this challenge by offering financial rewards to researchers who help them identify vulnerabilities, the cost and complexities involved in this process may not be suitable for many companies, especially start-ups. Privacy and security of customer data is taken very seriously at Ola. Some of the best talent at Ola have built this platform to ensure that there is no scope for missing any potential threats. By open sourcing Jackhammer, Ola has taken a step towards building a cost effective solution for all technology companies to efficiently identify and address vulnerabilities existing in their applications/code/network.
Speaking on the development, Shadab Siddiqui, Head – Security Engineering at Ola said, “As a homegrown technology company, we realize the importance of building security infrastructure that will help efficiently address vulnerabilities that may exist in product application, and there was a serious need for such a tool in the developer/security community. As part of the growing technology ecosystem in India, our aim is to share our knowledge and expertise to help other companies address similar challenges by using our application that is built to provide a comprehensive picture of all vulnerabilities, eliminating the need to shuffle between platforms. We have already reached out to a few of the leading product companies with Jackhammer and they are excited with the prospect of benefitting from our application.”
Key features of Jackhammer include:
- A collaborative tool between those focused on security, developers, quality assurance, Technical Program Managers (TPMs) and senior leadership (now even senior leadership can have a view of their company’s security protection and protocol)
- Complete RBAC (Role Based Access Control) to make sure everyone has required privileges
- Quick integration with third party (open/ commercial scanner) tools, for seamless experience
- The in-built vulnerability management capability is integrated with the ticketing system, with just one tool users will have a comprehensive idea of the security and hygiene of their organization
- Jackhammer can run all kinds of scans (on source code, web apps, WordPress, mobile apps, and networks, etc.) from one place and track them to closure
Ola is committed to supporting the growth of entrepreneurialism in India. Open sourcing Jackhammer signifies this commitment towards supporting the entrepreneurial tech community with free software assistance. Jackhammer is the first open sourcing tool to address and scan all kind of security vulnerabilities – source code, web , mobile, and cloud and provides a comprehensive report that identifies all possible threats. Jackhammer shows the spread of vulnerabilities across all these levels and provides a complete overview of the level of security the tool maintains with respect to vulnerabilities in its code, allowing security teams to understand the complete picture and streamline efforts to mitigate vulnerabilities.