PRODUCT GUIDE

Synack Security
Testing Platform
How to use one platform for all of your penetration testing needs

1
Table of Contents
Introduction 3

Benefits of the Synack Security Testing Platform 6

Pillars of the Synack Platform 10

Asset Discovery & Insights 11

Managed Community Access 13

Vulnerability Management 15

Operations and Support 17

API and Integrations 18

Testing Controls 19

Reporting and Real-Time Analytics 20

Managed Vulnerability Disclosure Program 21

Synack Catalog and Credits 23

Conclusion 25

2
Introduction
Imagine a world where your security testing is the strategic arm of
your security program, helping to illustrate actionable data from your
attack surface and guide your security team through comprehensive
remediation of exploitable vulnerabilities without adding layers to your
security stack.

Compliance checklists are a good place to start, but they won’t deliver
the insights you need to protect your organization in the long term. And it
won’t protect your organization from reputational damage and potential
fines if a breach occurs. Today’s security landscape requires continuous
oversight of your most protected assets and the ability to identify
security trends across the organization.

As CVEs increase exponentially year-over-year and ransomware’s

popularity grows, you need to be able to see the weakest points in your
attack surface to proactively mitigate threats, something you can’t do
with traditional tools.

Synack’s ability to provide continuous, strategic and tactical security

testing is made possible by the pillars of our penetration testing platform
and our catalog of on-demand security testing options that provide the
flexibility organizations need to meet their unique security goals.

3
Why security testing needs to improve
Testing once a year doesn’t address a software development lifecycle that introduces
new code daily, and current testing methodologies often treat all assets the same
despite a varied level of risk. Finally, most firms don’t take action on results because
the quality, visibility and consistency of the vulnerability reports are poor.

Security leaders can no longer rely on traditional pentesting that creates noise, doesn’t
scale and results in only some, not all, exploitable vulnerabilities being fixed to check
the compliance box. It’s time to embrace a security culture that is risk-driven instead
of compliance-driven.

A CISO PERSPECTIVE

Security Testing Today

“All the money we spent on security testing and remediation
yesterday is gone. We don’t learn anything from the process
or leverage the data strategically. We claim success if the
regulators are satisfied.”

The evolution of security

testing methodologies
It may sound too good to be true in today’s dynamic environment. Digital transformation
has led to accelerated vulnerability creation as teams manage cloud sprawl and build
applications faster with agile development cycles, requiring a risk-driven, instead of
compliance-driven, approach.

Taking a thoughtful approach to security testing based on asset-level risk can help your
organization craft a testing strategy that will not only keep you compliant, but also help you
to properly manage risk across a growing attack surface. The spectrum of testing the Synack
Platform supports includes everything from continuous pentesting to automated vulnerability
scanning. Increasingly, companies are moving away from a one-size-fits-all approach to their
attack surface and want flexibility in their security testing consumption. Companies need
choices and the ability to test assets when they want, where they want and how they want.

4
Developing
an ideal security Continuous Continuous Targeted On-Demand Automated

testing strategy
Testing Testing Penetration Security Vulnerability
365 days 90 days Testing Tasks Scanning

LOW
HIGH
ASSET IMPORTANCE

The Synack Platform: A risk-driven approach

The Synack Platform enables you to track When done properly, security testing can transform
improvements in your attack surface hardness over your vulnerability management through both tactical
time, launch over 40+ types of testing on-demand and strategic methods. Tactically, security teams
and evaluate the quality of your pentesting based on can identify exploitable vulnerabilities to fix them
researcher coverage and controls, rather than just and strategically, security leaders can identify root
vulnerabilities found. It also provides external attack causes and trends across asset type and at scale.
surface discovery, immediate access to asset insights,
actionable reports and patch verification. Synack
is also more secure than other modern pentesting
platforms with a FedRAMP Moderate authorization.

Tactical
Identify exploitable
+ Strategic
Identify root cause to stop
vulnerabilities creating vulnerabilities
so they can be fixed that could be avoided

5
Benefits of the Synack
Security Testing Platform
This guide will provide an overview of the Synack Platform technology
pillars including asset discovery and insights, vulnerability management,
operations and support, the Synack API and integrations, reporting and
real-time analytics, testing controls and managed community access.
Before summarizing these pillars, we’ll review how these pillars can benefit
your organization from a test efficacy perspective.

6
Discover, inventory and prioritize
new assets
Synack provides continuous discovery of new web, IP and FQDN assets to help
keep your asset inventory updated. Discovered assets will appear in the client
portal alongside any assets you have tested; additionally, assets are fingerprinted.
Investigate and prioritize assets for further pentesting by learning about their
testing status, open ports and suspected or exploitable vulnerabilities.

Launch a security test in days,

not weeks or months
Synack offers on-demand and continuous security testing that can start and stop
when you need it, leading to improved test efficacy.

CAPACITY CAPABILITY CONFIDENCE

Synack offers access to Stay ahead of the latest Show your stakeholders
thousands of hours of security threats as the best and customizable reports so
testing on-demand. brightest minds in security no one has to worry about
are financially incentivized your security posture.
to hunt for vulnerabilities in
your environment.

Gain visibility into vulnerabilities,

coverage and remediation status
Synack provides a transparent view of Synack Red Team (SRT) performance, including
exploitable vulnerabilities, real-time analytics, insight, testing activity and history.
Additionally, you can decide when tests start and stop at the click of a button, chat with
researchers through the portal, and remediate faster with on-demand patch verification.

7
Do more testing without
compromising on quality
Every year, Synack scales to meet the evolving landscape of exploitable
vulnerabilities and the increasing size of enterprise attack surfaces.
Synack provides a consistent and secure global experience for every test
from start to finish.

49,000 Synack tests performed

in 2023

13,605 Number of exploitable

vulnerabilities published

CVEs in 2023

8,500 Average large enterprise

attack surface
IPs

FedRAMP Synack environment

Moderate
has enterprise grade
security controls

Work collaboratively with developers,

leadership and security teams
Synack allows for customized reporting, easily exportable views, integrations with ticket
management, business intelligence, SIEM, Microsoft tools and access controls that help
you share information internally.

8
Find root causes of vulnerabilities
With the platform, you can see security trends across vulnerabilities, identify root causes
and materially improve your security posture. For example, one Synack customer learned
that 80% of vulnerabilities found in applications and infrastructure were related to
authentication. After they built an internal education program to retrain their teams on
secure authentication, they cut their authentication vulnerability rate in half.

Government-grade security controls

Synack has achieved the FedRAMP Moderate designation, underscoring Synack’s
commitment to data security for all customers. FedRAMP, which stands for the Federal
Risk and Authorization Management Program, is a framework that standardizes security
requirements for federal information managed in the cloud. The Moderate-level designation
is the highest level reached by any company in the Pentesting as a Service space.

9
Pillars of the
Synack Platform
Synack provides a transformative security testing experience with you in mind.
How? We’ll review the core technology components of the Synack Platform
and how they correlate to benefits for your team. The pillars of the platform
discussed in following sections include:

1. Asset Discovery & Insights

2. Managed Community Access
3. Vulnerability Management
4. Operations and Support
5. API and Integrations
6. Testing Controls
7. Reporting and Real-Time Analytics

10
 Asset Discovery and Insights
1 The first step for a security testing program is assembling an accurate inventory
of assets. In today’s environment, attack surfaces are dynamic and software
development is continuous. Synack helps security teams stay proactive with
continuous attack surface discovery to inform their strategic security testing plans.

Self-service discovery
Easily add your known Domains, FQDNs, IPv4 addresses, CIDRs and IP ranges to
a seed group and launch a scan at the click of a button to discover new assets.

Seed groups to create segmented workspaces

Synack gives you the ability to segment your discovered assets by teams,
subsidiaries or even third parties as a way to organize assets and maintain control.

11
Continuous discovery of new assets
Synack provides continuous discovery of new assets in a single dashboard with
filters to help prioritize by asset type and confirmation status. Tested assets will
also appear in the Discovered Assets view and be confirmed automatically.

Asset Insights
Once assets are confirmed, they will appear in the Asset List for further
fingerprinting and investigation. For more details about Asset Insights view here.

12
 Managed Community Access
2 Access to a community of security researchers you can’t hire or find.
Easily launch dozens of structured security tests on-demand.

Researcher vetting
Five-step vetting process including background checks,
skill assessment and video interviews.

Fully managed researcher payouts

Unlike bug bounty companies, Synack handles all payments and
communications with our security researcher community.

Proactive researcher rotation

Synack rotates cohorts of researchers automatically to provide
better coverage and more diverse perspectives.

13
Researcher skills matched to your targets
SRT members only have access to targets where they have demonstrated skill
through technical assessments and proven ability to succeed.

Penetration Tester/ Network Cyber Incident

Professional Titles Software Developer Security Analyst Cryptanalysis
Red Teamer Administrator Responder

Software Change Social Media

Recon Skills Dark Web Recon Digital Footprinting OSINT
Kill Chain Detection Analysis

Docker and Linux Cloud: Azure, GCP, Microsoft AD

Technologies PHP Environments Kubernetes
Containers Environments AWS Environments

Asset Types Web App Cloud API Host/Infrastructure Mobile OT/ICS/SCADA

Cross Site
Vulnerability Remote Code Session
SQL Injection Request Forgery Lateral Movement Privilege Escalation
Expertise Execution (RCE) Authentication
(XSRF)

Web
Offensive Remediation Malware Password Brute
Tools Development Application Reverse Engineering
Security Skills Guidance Analysis Force Testing
Testing

Offensive Security
Certifications CISSP GCIH ECES CCNP eMAPT
Certified (OSCP)

Languages English Spanish Arabic Portuguese German Hindi

Incentive-driven model On-demand security tests

At Synack, security researchers are not in a A comprehensive list of on-demand security
race to submit first. There are multiple ways for tasks researchers can complete in days,
members of the Synack Red Team (SRT) to earn including zero day response, vuln checklists,
compensation, which results in higher quality threat modeling and benchmarking against best
findings for clients. They get paid out for missions, practice frameworks like OWASP.
vulnerability identification, report submissions,
patch verifications and community mentoring.

14
 Vulnerability Management
3 Synack manages your journey from vulnerability discovery to remediation, so
your developers can address fixes earlier and you can rest assured that your
vulnerabilities are thoroughly addressed.

Recon
Vulnerability Management Cycle Steps
Recon Synack deploys SmartScan for pre-test scanning
Confirm Hunt

Hunt­­ SRT conduct open vulnerability discovery

Vulnerability Find SRT submit potential vulnerabilities to Synack

Management Cycle
Patch Find Verify Synack conducts triage of SRT findings

Report Synack delivers verified vulnerabilities to the customer

in real time
Report Verify
Patch Customer confirms patch which creates an automated
patch verification request

Confirm Customer requests SRT to re-test vulnerability to

confirm successful remediation

Common repository for security testing

Access all testing information across teams, geographies and
times, enabling trend detection and root cause analysis.

Unlimited users
No “per person” user charges to encourage secure and
appropriate access to testing data. Include developers with
access with role-based access control.

15
Key vulnerability management features

Asset Insights Patch verification

Asset fingerprinting, history, scanning and SRT-led Researchers re-test to verify that the patch
exploitable vulnerabilities. was effective.

Communication with researchers Assessments

on vulnerabilities The Assessments tab provides a single view for all
Chat directly with members of SRT through past and on going assessments.
the platform.

16
 Operations and Support
4 Synack ensures that vulnerabilities are high impact and truly exploitable. Triage
eliminates any duplicate submissions or low-quality submissions. Additionally,
Synack provides customer support available 24/7 to scope and launch tests.

Customer Success
Customers are supported by trained customer success and support professionals.

Worldwide Team
Vulnerability reports reviewed by a team built to span multiple time zones, so they
are reviewed in a timely manner no matter your company’s global location.

Launch Assistance
Synack professionals help customers carefully prepare for each test, minimizing the
chance of surprises or errors.

Professional Triage
All reports are checked for accuracy and true exploitability before being sent to
customers. Duplicates are also removed.

Community Team
Dedicated Community Team at Synack advocates for, engages with, recognizes
and rewards top SRT members.

Recruitment
Synack never stops enlisting great talent to help serve customers with
specialized or fresh tactics, techniques and procedures.

17
 API and Integrations
5 Integrating Synack into other security workflows and tools is important for reducing
operational friction, improving responsiveness, triaging and reducing alert noise and
validating security posture. Use cases for integration include process operations,
security operations, incident response and security analytics.

Synack Integrations
These are the existing pre-built integrations and modules by Synack.

Synack integrates with Microsoft Sentinel, Synack-discovered vulnerabilities

Defender for Cloud, and Azure DevOps, and status updates are synchronized
allowing for continuous and on-demand with Jira ticket handling. This enables
security testing in Microsoft Azure. immediate email notifications.

Synack-discovered vulnerabilities are Integrates Synack offensive

triaged and remediated in ServiceNow. security testing results into
Splunk’s security operations.

Sample process operations integration between Synack and Jira Screenshot from Splunk app of Synack integration

Build custom integrations with the Synack API

Synack’s API is easy to use and designed to integrate with your team’s existing
security stack. Synack’s API is a RESTful service to interact with Synack data,
reports and test activity for full visibility across security teams. It can be used by
customers to build custom integrations.

18
 Testing Controls
6 Achieve full control and visibility over all testing traffic. Easily audit all testing traffic
to spot trends, measure testing hours and ensure coverage of your attack surface.

Pause Assessment
A button on each assessment page allows
you to stop testing at any time.

Firewall Allowable IP Addresses

This feature provides a range of IP addresses
to whitelist, so researchers can get easy
access to targets and you can easily identify
their attack traffic.

Coverage Analytics
Synack leverages a testing traffic audit
trail to provide analytics on what domains,
subdomains, API endpoints and IPs have
been tested. Additionally, all researcher
and scanning hours are tracked to provide
a holistic view of attacker effort.

Synack Red Team Virtual Desktop Infrastructure

Testing can also cause concerns about where sensitive data and vulnerabilities are being
stored. The Synack Red Team (SRT) use virtual workspaces to test as an additional security
control. Customers receive data protection during the exploit process and the ability to
cleanse data upon request.

19
 Reporting and Real-Time Analytics
7 Traditional pentest reports are descriptions of what was done during testing, what was
found and what might be done about it. Those reports result in a fossilized memento
of what was tested. Without responsive analytics and trend analysis, the report and
analytics are useful for just a moment in time without context of what happened
before or since.

We decided there had to be a better way to communicate pentesting analytics and

results. We focused on key innovations, such as customizability, scheduling and human
components, to create an experience that puts our customers in the driver’s seat.

Real-time analytics
Dashboard
Customer portal includes testing data at a glance,
including new findings, burndown charts, patch
verification and historical findings.

Coverage Analytics
Provides real-time views and reporting on what (e.g.
domains, subdomains, API endpoints), when and how
assets are tested (e.g. number of researchers, attack
types, hours of penetration testing).

Attacker Resistance Score

Quantifies and tracks attack surface resilience over
time. Organizations and individual test scores change
over time and are compared to key industries.

Reports
Configurable, Flexible Reporting Vulnerability Reports
Synack provides customizable, compliance- Clear descriptions of found exploitable vulnerabilities,
ready reports suitable for business or technical including statistics, steps to reproduce, screenshots
audiences that encompass scope, testing and suggested patches
information, vulnerabilities and remediation status.
Best Practice Reports
Human-Written Summaries In addition to vulnerabilities, some Synack offerings
Tests come with summaries based on a security include weakness checks that can be easily shared
expert analysis of the testing data. with developers, operations, auditors or regulators to
confirm implemented best practices.

20
Managed Vulnerability
Disclosure Program
A vulnerability disclosure program (VDP) is a vital part of a strategic
security testing plan. Most organizations don’t have a process for
external security issue reporting, which creates expensive and
cumbersome internal workflows. A VDP program can help reduce noise
and keep incidents from escalating.

Additionally, vulnerability disclosure programs are now a requirement

for federal agencies and enterprises. Best practice standards for
enterprises like ISO/IEC 27001, PCI DSS, NIST Cybersecurity Framework
and OWASP ASVS require a mechanism to receive vulnerability
reports. BOD 20-01 requires federal government agencies to have a
vulnerability disclosure program.

21
Key Features of the Synack Managed Vulnerability
Disclosure Program
Synack’s Managed Vulnerability Disclosure Program (MVDP) is included in the premium platform offering and
provides end-to-end management of your VDP program.

Triage services and noise removal Researcher negotiation

Synack’s Vuln Ops team will triage all vulnerability Synack Vuln Ops will maintain consistent
reports that come in, so your security team receives communication with members of the public
thorough and actionable reporting. Synack will who submit vulnerabilities. They will work with
check the vulnerability report for quality, validate the researchers to get more information about the
vulnerability exists, and provide actionable guidance vulnerability submitted and let them know when
on how to effectively address the vulnerability. the vulnerability is successfully patched.

Researcher relations & expertise Oversee your VDP and pentesting in

Synack has 10 years of experience successfully Synack’s integrated platform
managing relationships with security researchers. Get real-time insight into vulnerabilities with
Synack has a vetted community of 1,500 security Synack’s client portal. Your security team can
researchers called the Synack Red Team that are vital view all vulnerability data across your pentest
to our testing operations. Our experience navigating and VDP program in one place. Track vulnerability
vulnerability disclosure programs for the Fortune 500 details including CVSS score, remediation status
and for federal agencies speakers for itself. and patch efficacy.

Vulnerability management
Synack handles all stages of vulnerability management
from initial discovery to patch verification.

22
Synack Catalog
and Credits
Use our catalog of security testing offerings and platform credits
model to build and execute a flexible testing program. Once you
identify your security goals using Synack’s risk-driven approach, you
can select from offerings such as continuous testing with Synack365,
OWASP and NIST vulnerability checklists, spot checks for CVEs like
Log4j and more.

We designed Synack’s security testing solutions to pair with your

organization’s security goals, keeping in mind that certain industries,
like the public sector and healthcare, have specific requirements to
achieve success.

23
The Synack Catalog: Align your security goals
We provide credits to launch on-demand security testing at any time through the
Synack Catalog, featuring vulnerability checklists, NIST checklists, individual CVE/
zero day tests and other targeted tasks to be performed by SRT researchers.

We can help you to rethink how your organization does security testing. By changing
your security testing methodology, centralizing and standardizing vulnerability reports
and creating a flexible security testing menu for customers, our platform can help
security teams improve test efficacy and leverage vulnerability data strategically.

Synack Credits: Build a flexible testing program

Credits can be used to invest in a structured security testing program that works for you.

Examples of our credit model

400-credit plan 1000-credit plan 5000-credit plan

A security team from an SME has to A new CISO of a small government A large enterprise has an attack surface
test a high priority web application for agency has inherited an unknown attack that’s large, complex and potentially a
compliance. They also want to test for surface and needs to conduct some target for nefarious actors. They need
zero days that could lead to a breach open source intelligence work. They also to develop a plan for testing their high
if not addressed in a timely manner. want to run a more extensive pentest priority external assets continuously
on some of their critical applications while running an annual pentest on a
while testing the network for any few others that are less of a priority.
Synack14 x1 240 credits
common vulnerabilities like SolarWinds.

2480 credits
Synack365 x2
Web Premium Checklist x1 1240 credits each
130 credits Synack90 x1 600 credits

x3 1800 credits
30 credits Synack90
Vuln checks x10 x1
600 credits each
3 credits each Synack14 240 credits

x3
720 credits
Synack14
240 credits each
Digital reconnaissance x1 150 credits

SolarWinds x1 10 credits
Microtest check

24
Conclusion
Flexibility, 24/7 Availability and Support—All in One
Capable. Confident. Synack delivers an industry-leading security testing experience for
our customers. We provide a range of point-in-time and continuous options for security
testing, depending on the risk of the asset. Once you’ve selected a testing strategy that
matches your organization’s security goals, you’ll see improvement in your security posture
with each deployed test. The Synack Platform consolidates results, so you can identify root
causes of vulnerabilities and plan strategically. The Synack Catalog also extends Synack’s
security testing capabilities into areas like digital reconnaissance, API security, and checks
for specific vulnerabilities such as SolarWinds or Log4j.

You will no longer have to guess where to focus your security testing efforts based on a
point-in-time, compliance-driven pentest. Instead, you can embrace an asset-based,
risk-driven approach that results in concrete improvement of your security posture,
improvement that you can effectively communicate to executives and board members.

Contact us for a demo at synack.com/contact.

25