What type of data and insights can you access in your HackGATE dashboard and reports?

HackGATE uses advanced analytics to provide a comprehensive picture of pentest projects. See what type of data you can access in your dashboard and reports.
By Balazs Pozner, May 6, 2024

Ever feel like your pentest reports are missing something? These reports, sent to you by the pentest provider after testing, provide you with critical information about the testing. However, they often lack accuracy and the in-depth details your security team needs to understand how successful the pentest was.

Questions like ‘Were all functionalities of the web app tested?’; ‘What kind of attack types were used?’; and ‘How long did the testing last?’ often remain unanswered.

Our recent survey on pentest transparency showed that 60% of security professionals struggle to measure the success of their pentest projects, with close to two-thirds (65%) of respondents relying solely on information provided by the pentest vendor.

HackGATE is a purpose-built solution to address these concerns with a multi-layered approach to monitoring and analytics. But what level of granularity can you expect from the platform? This blog post is a detailed overview of the type of data and insights included in HackGATE’s platform and reports.

Key features: secure access control and comprehensive data management

HackGATE has two main sets of features:

Secure access & control

HackGATE is a gateway that securely connects ethical hackers with target systems and controls their access. It minimizes risk by restricting access to authorized ethical hackers and approved methods. Additionally, HackGATE integrates security features like Web Application Firewall, SSL offloading, and robust authentication/authorization for further protection.

Comprehensive data management & reporting

HackGATE collects, stores, and analyzes various data types, including security testing traffic, identified attack logs, how thoroughly the web application was tested, and even personal or company-specific information of testers (with appropriate permissions). This data is then visualized to provide clear insights into ethical hacking activities. Additionally, HackGATE generates reports that offer valuable information for project management, compliance purposes, and improving future security assessments.

Core capabilities: data logging, detailed insights into pentester activity, estimating pentest quality

Logging traffic

During each pentest project, HackGATE saves all relevant data about each pentester who’s involved in the project. Authorized HackGATE users can access specific security details about ethical hackers, including the verification of their credentials and association with Hackrate. This information serves as evidence for your organization to use as future reference or for compliance purposes.

In addition, HackGATE can effectively separate legitimate penetration testing activities from real-world malicious attacks by analyzing the specific security data of each pentester.

Pentester activity

HackGATE offers comprehensive, real-time insights into pentester activity, including the nature of traffic sent to the web server, targeted areas for testing, and the methods employed. It consolidates all pentest-related information and generates a report highlighting key findings, including the effectiveness of implemented security measures.

Estimating the level of automation and overall quality of the pentest

Penetration testing usually involves a mix of automated scans and manual techniques. HackGATE offers a unique capability: estimating the percentage of automated tool usage within a project.

This functionality analyzes various factors, such as repetitive attack patterns, to provide an approximate benchmark indicating the percentage of testing likely conducted using automated tools.

For instance, repeated identical attacks in a row suggest a higher likelihood of automation than a scenario with diverse testing methods, which would be more characteristic of manual penetration testing.
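The heuristic described above can be sketched as follows. This is an added example, not HackGATE's own algorithm: the event format, the `automation_ratio` function, and the `min_run` and `max_gap_s` thresholds are assumptions chosen for illustration.

```python
from datetime import datetime

# Constructed WAF log-only events: (timestamp, tester, attack type, target path).
EVENTS = [
    ("2024-05-06T10:00:00", "tester1", "sqli", "/search"),
    ("2024-05-06T10:00:01", "tester1", "sqli", "/search"),
    ("2024-05-06T10:00:02", "tester1", "sqli", "/search"),
    ("2024-05-06T10:00:03", "tester1", "sqli", "/search"),
    ("2024-05-06T10:00:04", "tester1", "sqli", "/search"),
    ("2024-05-06T10:03:10", "tester1", "xss", "/profile"),
    ("2024-05-06T10:07:45", "tester1", "path_traversal", "/download"),
    ("2024-05-06T10:12:30", "tester1", "sqli", "/login"),
    ("2024-05-06T11:00:00", "tester2", "xss", "/comment"),
    ("2024-05-06T11:00:01", "tester2", "xss", "/comment"),
]

def automation_ratio(events, min_run=4, max_gap_s=2.0):
    """Share of events inside runs of >= min_run identical attacks spaced <= max_gap_s apart.

    Thresholds are illustrative assumptions, not values published by HackGATE.
    """
    by_tester = {}
    for ts, tester, attack, path in events:
        by_tester.setdefault(tester, []).append((datetime.fromisoformat(ts), attack, path))
    automated = total = 0
    for rows in by_tester.values():
        rows.sort(key=lambda r: r[0])          # runs are judged per tester, in time order
        run = 1
        for prev, cur in zip(rows, rows[1:]):
            same = prev[1:] == cur[1:]          # same attack type against the same path
            fast = (cur[0] - prev[0]).total_seconds() <= max_gap_s
            if same and fast:
                run += 1
            else:
                automated += run if run >= min_run else 0
                run = 1
        automated += run if run >= min_run else 0   # close the final run
        total += len(rows)
    return automated / total if total else 0.0
```

A short pair of identical requests (tester2 above) stays below `min_run`, so a manual retry is not counted as tool traffic.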

By analyzing factors like testing duration, the variety of techniques employed, and various other attributes and comparing them to industry benchmarks, HackGATE generates an estimated ‘overall penetration testing quality score’.

This score reflects how much of the assets were tested and which methodologies were used, assessed against OWASP guidelines, providing users with valuable insights into the thoroughness and effectiveness of the testing process.

What’s in your HackGATE dashboard?

HackGATE's centralized dashboard provides an overview of your ethical hacking projects, enabling you to quickly and easily understand key pentest insights.

  • Configuration panel  

This panel allows you to take full control of your HackGATE settings, by easily managing target systems (including IP addresses or hostnames), configuring credentials, and adjusting billing details or plan options.

  • Pentest project management panel

This panel is for keeping your ethical hacking projects on track. The dashboard offers a clear overview of past, ongoing, and future projects, whether it's a penetration test or a bug bounty program.

  • Analytics panel

This section provides valuable insights into your ethical hacking activities, presenting collected data through interactive charts and tables. You can filter and drill down to specific details for a comprehensive understanding.

  • Ethical hacker panel

Ethical hackers working on your projects have their dedicated panel. This space provides them with a clear overview of the projects they're involved in, ensuring clear communication and streamlined workflows.

What’s included in the reports HackGATE generates?

Here’s a breakdown of HackGATE’s functions and the reports generated by each function.

Customer overview

This function stores personal and company-specific data, such as members, company name and its web application URLs, current subscription plan, and available and used HackGATE credits. The generated report provides a detailed profile of the customer, including their associated company, web applications, and pentest projects.

Pentest overview

This function analyzes data related to security testing within a specific timeframe. Users can create custom reports, set the timeframe, and filter for ethical hackers. The report generated by this function provides an overview of the security testing traffic, including the most active ethical hackers and measurements of traffic timeline. This report is useful for executive summaries.

Identified attack types

This feature uses a third-party data analytics tool (a web application firewall in log-only mode) to identify attack types. The data collected includes logs of identified attacks on the web application. The generated report provides a comprehensive list of identified attack types, such as those in the OWASP Top 10.

Pentest project management insights

This function collects project-specific data, including the timeline of the project and the list of allowed ethical hackers. It provides a complete picture of the website that was tested or is undergoing tests. The generated report provides a detailed overview of the pentest project, including its timeline and involved personnel.

Comprehensiveness insights

This function uses a special tool called Spider, designed to automate the process of crawling and mapping websites. By comparing the analyzed traffic with Spider, HackGATE makes an estimation about which functionalities of the target web application were tested and which were not. The collected data includes the structure and functionalities of the web application. The generated report provides a comprehensive analysis of tested and untested functionalities of the target web application. This function can compare an API definition to the tested API endpoints.
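The comparison of an API definition against tested endpoints can be illustrated with the sketch below. It is an added example, not HackGATE's implementation: the route list, the access-log lines, and the `coverage` and `template_to_regex` helpers are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed API definition (method, path template); not from any real application.
API_DEFINITION = [
    ("GET", "/api/users"), ("POST", "/api/users"),
    ("GET", "/api/users/{id}"), ("DELETE", "/api/users/{id}"),
    ("GET", "/api/orders/{id}/items"), ("POST", "/api/login"),
]

# Constructed gateway access-log lines (common log format, documentation IP range).
ACCESS_LOG = """\
203.0.113.10 - tester1 [06/May/2024:10:00:01 +0000] "GET /api/users HTTP/1.1" 200 512
203.0.113.10 - tester1 [06/May/2024:10:00:02 +0000] "GET /api/users/42?verbose=1 HTTP/1.1" 200 128
203.0.113.11 - tester2 [06/May/2024:10:00:05 +0000] "POST /api/login HTTP/1.1" 401 64
203.0.113.11 - tester2 [06/May/2024:10:00:09 +0000] "GET /api/users/42/ HTTP/1.1" 200 128
203.0.113.11 - tester2 [06/May/2024:10:00:12 +0000] "GET /internal/health HTTP/1.1" 404 0
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def template_to_regex(template):
    """Turn /api/users/{id} into a regex where each {param} matches one path segment."""
    parts = re.split(r"(\{[^}]+\})", template)
    body = "".join("[^/]+" if p.startswith("{") else re.escape(p) for p in parts)
    return re.compile("^" + body + "/?$")      # tolerate a trailing slash

def coverage(definition, log_text):
    """Report which defined endpoints appear in the traffic and which requests fall outside it."""
    routes = [(m, t, template_to_regex(t)) for m, t in definition]
    hits, unmatched = defaultdict(int), []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue                            # skip lines that are not HTTP requests
        path = m["target"].split("?", 1)[0]     # query strings do not change the endpoint
        for method, template, rx in routes:
            if method == m["method"] and rx.match(path):
                hits[(method, template)] += 1
                break
        else:
            unmatched.append((m["method"], path))
    untested = [(m, t) for m, t, _ in routes if (m, t) not in hits]
    return {"ratio": len(hits) / len(routes), "untested": untested,
            "out_of_definition": unmatched}
```

The `out_of_definition` list is worth reviewing alongside the coverage ratio, since it shows requests to paths the definition does not describe.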

Pentest quality score

This function analyzes how similar companies are conducting pentest projects using specific parameters, such as the length of the project, security testing traffic, and identified attack types. We use predefined algorithms to estimate the ratio between manual and automated testing and detect any suspicious activity in your pentest projects. The generated report provides a quality score for the pentest project, allowing for benchmarking against similar companies.

Why is meticulous reporting so important in IT security?

Maintaining meticulous and accurate records of security testing projects is crucial for organizations for several reasons, including:

  • Compliance requirements: Frameworks like SOC2 and industry-specific regulations often mandate comprehensive documentation of security testing procedures and results.
  • Demonstrating due diligence: Well-documented testing processes showcase an organization's commitment to proactive security measures.
  • Facilitating future assessments: Detailed records serve as a valuable reference point for future security testing, enabling comparisons and improvements over time.

HackGATE simplifies compliance efforts by providing a centralized source of all testing data and reports. Moreover, automated report generation reduces manual effort and ensures consistency in the reporting process.

Multi-layered analytics reporting for a comprehensive overview of pentest projects

Traditional pentest reports often lack the granularity a security team needs, hindering their ability to fully grasp the impact of their pentest projects. HackGATE’s multi-layered reporting provides a holistic view of the entire penetration testing process, from individual pentester activity to the overall effectiveness of the testing methodology.

We hope you found this useful! If you’d like to make your pentests more insightful and see how we can help, feel free to get in touch with us!

If you’d like to see how HackGATE works, click here to start a free trial!

Balazs Pozner
CEO & Founder, Hackrate
