All Collections
Pentest Deliverables
Pentest Deliverables

Documents you will receive at the end of a pentest

Updated over a week ago

HackerOne Platform is a crucial component for delivering an engaging customer experience for the penetration test. We encourage you to use the platform and progress findings while the pentest is in progress, interact with the pentesters, and request any retests.

At the end of the engagement, you will receive the following documents:

  • A final PDF report that serves as comprehensive documentation reflecting the assessment's findings and recommendations for remediation. The report is meant to be shared with both technical and non-technical stakeholders. Key components of this report include:

    • Executive Summary

      • An overview of the penetration test.

      • A summarized assessment of the in-scope asset's security posture.

    • Technical Summary

      • Summary of the most severe and most prevalent findings, along with actionable recommendations.

      • Tabular and graphical representation of vulnerabilities identified by severity, along with their respective CVSS score, applicable CWE, and current retesting status.

    • Appendices

      • Scope of the engagement

      • HackerOne's Security Checklists

      • HackerOne's Methodology and Approach

      • Tools leveraged to perform the engagement.

      • Testing team, including the contact information for the assigned Technical Engagement Manager (TEM).

  • A Letter of Attestation that confirms the authenticity and scope contained with the pentest report.

    • Customers typically use this short-form document to demonstrate to third parties that they have engaged in pentesting activities, without disclosing detailed information about vulnerabilities.

ℹ️ Note: Once all reported findings in the pentest are retested and deemed fixed by the pentester, you can request a final pentest report indicating the retesting status as Fixed.

Did this answer your question?