The HackerOne Platform is a crucial component for delivering an engaging customer experience for the penetration test. We encourage you to use the platform to progress findings while the pentest is in progress, interact with the pentesters, and request any retests.
At the end of the engagement, you will receive the following documents:
- A final PDF report that serves as comprehensive documentation reflecting the assessment's findings and recommendations for remediation. The report is meant to be shared with both technical and non-technical stakeholders. Key components of this report include:
  - Executive Summary
    - An overview of the penetration test.
    - A summarized assessment of the in-scope asset's security posture.
  - Technical Summary
    - Summary of the most severe and most prevalent findings, along with actionable recommendations.
    - Tabular and graphical representation of vulnerabilities identified by severity, along with their respective CVSS score, applicable CWE, and current retesting status.
  - Appendices
    - Scope of the engagement
    - HackerOne's Security Checklists
    - HackerOne's Methodology and Approach
    - Tools leveraged to perform the engagement
    - Testing team, including the contact information for the assigned Technical Engagement Manager (TEM)
- A Letter of Attestation that confirms the authenticity and scope contained within the pentest report. Customers typically use this short-form document to demonstrate to third parties that they have engaged in pentesting activities, without disclosing detailed information about vulnerabilities.
ℹ️ Note: Once all reported findings in the pentest are retested and deemed fixed by the pentester, you can request a final pentest report indicating the retesting status as Fixed.