Indian cab aggregator Ola has launched ‘Jackhammer’, a first-of-its-kind comprehensive vulnerability analysis and management tool that finds security flaws in the target app and helps security teams manage complex integrations for secure product deployment. The ride-hailing giant has now open-sourced the tool so that other technology organizations can use it.
All the info collected using the Jackhammer tool is made available through a customized dashboard. It presents a consolidated set of vulnerable apps (or networks, source code or blogs), which enables the organization to stay on top of the security stack. By identifying and eliminating the vulnerabilities in their products, the tech giants can enhance the user experience — not only on the front end but also under the hood.
In the official blog post, the key features of Ola’s Jackhammer analysis and management tool are described as follows:
- Collaborative: the dashboard can be shared with and accessed by those focused on the quality of the product. This means developers, quality assurance, Technical Program Managers (TPMs) and senior leadership can all have access to the results.
- Role-based privileges: You will only be able to access info you should have access to. You require higher privileges to access the complete report.
- Can run all kinds of scans, whether on source code, web apps, mobile apps or networks. The report is combined at a single location and a ticketing system is integrated into the tool. This enables you to keep track of the product from one single page.
Speaking on the launch of this tool, Shadab Siddiqui, Head – Security Engineering at Ola said,
“As a homegrown technology company, we realize the importance of building a security infrastructure that will help efficiently address vulnerabilities that may exist in product application, and there was a serious need for such a tool in the developer/security community.
“As part of the growing technology ecosystem in India, our aim is to share our knowledge and expertise to help other companies address similar challenges by using our application that is built to provide a comprehensive picture of all vulnerabilities, eliminating the need to shuffle between platforms.”
Ola has undertaken this initiative as it wants to eliminate the middlemen (or security researchers) we always have to involve to weed out bugs and vulnerabilities in the app. They’re then offered financial awards for their services, but the cost and complexities of some of these can prove to be unsuitable for some organizations.
Ola itself launched a bug bounty program back in 2015 after a handful of exploits enabled users to access free rides. But it now seems that the ride-hailing giant has developed a cost-effective solution to ensure that tech giants do not miss any potential threats. Their tool is efficient at addressing the existing exploits present in the product — which can be taken care of by the security teams thereafter. It also ensures the privacy and safety of an individual’s data.
Siddiqui further states that the company is all about helping its fellow startup community better manage and protect their products. Ola has already reached out to a few of the leading product companies with Jackhammer and they are excited about the prospects of benefitting from this extensively feature-packed tool. If you’re willing to access or contribute to the Jackhammer tool, navigate to its GitHub page.