Easily configure and publish a security page that presents a high-level summary of the most important security-related aspects of your web application.
Share the high-level results of your most recent penetration test conducted by Heyhack Scan on an automatically updated security page that you can host on your own domain. 👍
Tell your customers about the security of your web application and the efforts you have made to protect their data. In Heyhack, you can configure a security page and include the sections that you think are relevant for your audience. Once configured, Heyhack will keep your security page up to date and automatically refresh it with the latest results from your most recent penetration test, similar to how uptime monitoring pages work.
By default, Heyhack will generate a URL to host your security page, but you can also provide your own domain (e.g., security.yourdomain.com). After you set a CNAME record in your DNS settings that points to Heyhack, we will automatically issue a TLS certificate for you and host the page on our globally available servers, with no maintenance required. 👌
You can select which sections you would like to include on your security page. Choose between sections on test coverage, OWASP Top 10 compliance, data encryption, infrastructure security, source code dependencies, and user protection.
Heyhack compiles information on the security of your web application that is relevant to your customers. This information includes details on the transport layer employed by your application, HTTP headers, whether your external dependencies are up to date, etc.
When conducting penetration tests, Heyhack follows the methodology of the OWASP Web Security Testing Guide and, as a result, Heyhack assesses whether your application has any high- or medium-level vulnerabilities in any of the OWASP Top 10 categories. This lets your customers understand whether your application generally addresses the security risks outlined by the Open Web Application Security Project.