All Collections
Retesting Pentests
Retesting Pentests

Verify that the identified vulnerabilities have been effectively remediated

Updated over a week ago

Retesting is a crucial phase after the initial pentest to verify that the identified vulnerabilities have been effectively remediated. Below are the essential steps of the retesting process:

Requesting Retesting

You may request retesting of specific bugs you've addressed during or after the pentest has concluded.
Retests can be requested in the HackerOne platform. Please follow the guide here.

Retesting Window

The duration for which retesting can be requested without incurring extra costs varies based on the pentest tier. It could be either 30 or 90 days post-pentest. To learn about the time window for your specific tier, always refer to the pentest tier details.
Each retest request is charged $50 after the free retesting window concludes.

Claiming a Retest

Once a retest is requested, members of the pentest team can claim the task through their dashboard under the 'Retesting' tab.

If a claimed retest isn't completed within 72 hours, it becomes available for other team members to claim from the same dashboard.

Duration for Retesting

Once claimed, a retest should be completed within 72 hours.

Reporting Retests

Any retesting findings or confirmations are documented in the initial vulnerability report. It's imperative for the pentesters to provide evidence, showcasing whether the vulnerability has been successfully addressed or persists.

Did this answer your question?