A step-by-step guide to using HackGATE

HackGATE is a solution designed to help security professionals to gain better control over pentest projects by providing oversight of ethical hacker activity. On this page, you’ll find all the info you need to successfully set up HackGATE.
Step 1.

Signing up to HackGATE

To get started with HackGATE, visit the signup page. You have three options for registration: either register using your email address or log in using your existing Google or Microsoft 365 account. Choose the method that suits you best to access the platform.
Step 2.

Setting up the tenant

Enter your tenant name. The tenant name is your organization’s name, with a custom tenant ID assigned.
This tenant name will serve as the identifier for members of your organization to access the same account. If your organization's tenant name already exists, your tenant admin can invite new users.
Step 3.

Setting up the project

Once you're in the dashboard, you'll find your unique tenant ID. The next step is to add the specific site that you wish to use HackGATE for. Please ensure that the site is in FQDN format, such as app.mycompany.com.
To grant HackGATE access to the site, you'll need to authorize the URL. In the meantime, make sure to regularly check your inbox as you'll receive authorization requests and updates regarding the process.
Step 4.

Configure the authorization

In the next step, you'll need to establish authorization for the ethical hackers who should have access to your project. There are two options for doing this:
1.
By entering the email addresses of specific ethical hackers you already collaborate with individually.
2.
By entering the email domain of your company, for example, *@companyname.io. This ensures that all hackers with email addresses using the specified domain will be granted access.
By implementing this authorization process, you can ensure that only authorized ethical hackers are able to access and work on your project.
Ethical hackers can register to your project with their email addresses, using HackGATE’s authentication method.
Step 5.

Whitelist HackGATE to enable access to your web app

You will need to whitelist HackGATE in your firewall to allow access to your business' network.
To enhance security and protect the entry fields from potential attacks, your website might be using Google Captcha. To give access to HackGATE, your company's IT administrator must add the hackgate.io domain to the Google Captcha settings in the designated "add domain" field section on your site.
You’re now all set to start deployment!
Step 6.

Start monitoring the results

Go to the Analytics section within your HackGATE dashboard to begin monitoring your project. In this section, you'll have access to real-time information regarding your pentest projects, such as:
The total number of authenticated requests.
The most active users participating in the project.
Detailed insights into the individual activities of ethical hackers, including who is conducting tests, the extent of their testing, and specific areas they have tested.
By utilizing the Analytics feature, you can gain a comprehensive understanding of your project's progress and track the activities of the hackers involved, providing valuable insights for effective management.
Within HackGATE, you’ll find a comprehensive and authenticated activity log for each ethical hacker, providing you with detailed insights into their past activity. This feature enables you to select the best ethical hackers to work with and to identify and filter out less efficient ones, ensuring accountability within the process.
Furthermore, using HackGATE empowers you to separate legitimate ethical hacker requests from potentially malicious external activities, such as DoS attacks, maintaining a secure environment for your pentest projects.
HackGATE's real-time data and activity logs provide you with enhanced control over ethical hackers, facilitating more efficient management of pentest projects and ensuring the delivery of high-quality outcomes.