HackerOne Gateway V2 vs.  HackGATE™ by Hackrate

Considering a monitoring tool for your security testing projects and not sure how to get started?
We created an in-depth comparison of HackerOne’s Gateway V2 solution and HackGATE™, exploring different aspects of the two solutions, such as signup process, available options for monitoring and controlling security testing, report capabilities, and ways to leverage the results.
Expert overview

Things to consider before making a choice

Empowering decision-making

Both HackerOne with HackerOne Gateway v2 and Hackrate with HackGATE contribute positively to the crowdsourced security testing market and, in a broader sense, to the entire cybersecurity sector, by prioritizing delivering valuable insights about security testing to decision-makers.

Data-driven security

To decide which one works better for you, we recommend a custom approach based on your team’s unique needs, carefully considering specific requirements, such as the particular IT assets within the testing scope (web app, domain, wildcard, etc.), and determining the degree of involvement in the testing process.

A comparison of HackerOne Gateway V2 and HackGATE™

HackerOne Gateway V2


The basics
A short description of the solution
HackerOne’s Gateway V2 is an add-on solution for customers already using HackerOne’s bug bounty services. It utilizes  "Cloudflare WARP" to capture the headers of VPN traffic.
It enables users to have granular control over finder activities on programs and assets.
HackGATE™ purpose-built, enterprise-level monitoring solution created by the Hackrate team. It is a standalone service to increase transparency in security testing by using advanced analytics and enabling access to essential information on pentester activity in one platform.
Setting up
How easily can we get started with the solution?
Customers need to configure their WARP client based on clear instructions.
A fully managed SaaS solution by the Hackrate team. Users only need to provide access to the web app on the HackGATE interface and specify when the security testing will take place.
Monitoring features
How can we access the data that meets our requirements and how can we can monitor the testing activity?
This is a VPN solution that doesn't decrypt data, resulting in limited monitoring capabilities.

However, you can monitor a diverse range of IT assets, including IP addresses, CIDR, URLs, domains, and wildcards.

Cloudflare also has a proxy for https.
It is constructed on a reverse proxy, providing advanced application-level monitoring and control capabilities. Currently, it is applicable for web app testing.

An upcoming feature, Tunneling, will extend its coverage to include IT assets such as IP addresses, CIDR, URLs, domains, and wildcards.
Control over testing
How can we technically oversee the work of ethical hackers beyond policy-related checks?
Employs basic authentication controls, such as IP filtering.
Empowers you with complete control over your project, allowing you to even block specific URL paths.
Reporting capabilities
How does it support decision-makers by offering proof of security testing or providing an audit trail, both in terms of information and user-friendly features?
Customers can access basic network info and traffic logs in NDJSON format.
The HackGATE™ dashboard offers a transparent overview of your ethical hacking project, allowing users to delve deeper into the specifics.
In which security testing projects can the solution be applied in case you work  with multiple suppliers and various external partners?
It is primarily related to the HackerOne bug bounty program, so any other cases would require compromises in terms of separate project selections.
You can oversee all penetration testing projects, whether you collaborate with Hackrate, other bug bounty or PTaaS platforms, or traditional penetration testing companies.

It allows for the separation of pentest projects, serving as a fully independent, standalone solution
How much does the solution cost and what factors does the price depend on?
Cloudflare product at a reasonable price, depending on the number of ethical hackers participating in the testing.
Transparent, pay-as-you-go pricing offering a free trial.

Basic plan

Basic features for up to 10 users with everything you need.
Get started

Business plan

Advanced features and reporting, better workflows and automation.
Get started

Enterprise plan

Personalised service and enterprise security for large teams.
Get started
User access
Basic features
Saved reports
Individual data
Automated workflows
200+ integrations
Reporting and analytics
Export reports
Scheduled reports
API access
Advanced reports
Saved reports
Customer properties
Custom fields
User access
SSO/SAML authentication
Advanced permissions
Audit log
Data history

Comparing different approaches

HackerOne has seamlessly integrated a well-established third-party solution known for its stability for customers already using HackerOne’s bug bounty services. In contrast, Hackrate has adopted a distinct strategy, focusing on the development of a purpose-built vendor-agnostic solution.
The key difference between the two solutions stems from their different architectures, with HackGATE providing more extensive capabilities for communication analysis and precise control adjustment during testing. Due to HackGATE being purpose-built, its reporting is not only more effective but also simpler, aiding in a clearer understanding of the events during the testing process.

Are you looking for a way to manage your security testing?

With HackGATE, you can supervise your projects by providing insight into ethical hacker activity. Don’t miss this opportunity to try HackGATE for free for 10 days.
Start your free trial