Security threats plague almost every tech company out there. With limited resources at hand, not many start building with security as the first thought and this often creates problems on the way. Large companies run bug bounty programs so that they can identify security loopholes but that is often not possible for young startups. Ola is trying to help a bit here by offering a tool called ‘Jackhammer’ to make it easier for teams to identify vulnerabilities and fix them.
In a press statement, Ola shares that built in-house, Jackhammer finds security vulnerabilities in the target application (website, mobile app, network, source code and blogs) and it helps security teams to manage complex continuous integration and multiple deployments required for secure product development. Moreover, the application also has a customized dashboard that presents a consolidated set of vulnerable applications and helps the organization identify top vulnerabilities conveniently and work towards aligning efforts to address those vulnerabilities.
Speaking on the development, Shadab Siddiqui, Head – Security Engineering at Ola said, “As a homegrown technology company, we realize the importance of building security infrastructure that will help efficiently address vulnerabilities that may exist in product application, and there was a serious need for such a tool in the developer/security community. As part of the growing technology ecosystem in India, our aim is to share our knowledge and expertise to help other companies address similar challenges by using our application that is built to provide a comprehensive picture of all vulnerabilities, eliminating the need to shuffle between platforms. We have already reached out to a few of the leading product companies with Jackhammer and they are excited with the prospect of benefitting from our application.”
Jackhammer offers a collaborative tool between those focused on security, developers, quality assurance, Technical Program Managers (TPMs) and senior leadership. It can integrate with multiple third party open source and paid tools and can run all kinds of scans (on source code, web apps, WordPress, mobile apps, and networks, etc.) from one place and track them to closure.
Ola says that this step signifies its commitment towards supporting the tech community and entrepreneurism in India. Jackhammer shows the spread of vulnerabilities across all these levels and provides a complete overview of the level of security the tool maintains with respect to vulnerabilities in its code, allowing security teams to understand the complete picture and streamline efforts to mitigate vulnerabilities.
Jackhammer can be accessed at https://github.com/olacabs/jackhammer
