Skip to main content
All CollectionsPentests
Request a Pentest
Request a Pentest

Organizations: Learn how to request a pentest no matter what your current package is

Updated over a week ago

Learn how to request a pentest with HackerOne. Whether you've run 100 or 0, this guide walks you through requesting pentests no matter what your current status is.

New Customer

Not a current HackerOne customer? No problem! Contact HackerOne to talk to a sales rep, and they will send you a scoping form to discuss the best options for your team and use case.

Current Non-Pentest Customer

These instructions apply if you're currently a HackerOne customer but have never run a pentest before.

  1. Go to Engagements > Pentest.

  2. Click Get started

  3. Click Start a pentest scope

  4. Name your new pentest and add a desired start date, then click Next

  5. The scoping form asks for details such as your goals, desired outcomes, hacker restrictions, and other helpful information. Fill out the form to the best of your abilities, then click Continue. The form auto-saves, so you don't have to worry about losing your progress.

    Scoping form: Testing goals and details

  6. Begin adding information about the assets you want to test. Fill out as much information as you can about each asset. To add another asset, click + Add asset in the left sidebar. The asset type you select determines what fields pop up.

    1. Take a look at the fields that appear when you select an asset type to make sure you’ve chosen the correct one.

      Selecting the first asset to scope

      Scoping form showing multiple assets added

    2. Note: The warning symbols on the left indicate that a field was not filled out. If you don't know something, you can continue and come back later.

  7. Click Continue.

  8. Review and submit the form for our team to review.

Current Pentest Customer

If you have already run a pentest with us, you can easily request a new one from within the platform.

  1. Go to Engagements > Pentest.

  2. Click New pentest.

  3. Choose to start a new test from scratch or clone a previous one and which subscription you would like to use. Click Next.

    1. The example images show starting one from scratch. If you clone an existing pentest, the information will already be filled out for you and you can edit as needed.

      Start a new pentest modal

  4. The scoping form asks for details such as your goals, desired outcomes, hacker restrictions, and other helpful information. Fill out the form to the best of your abilities, then click Continue. The form auto-saves, so you don't have to worry about losing your progress.

    Scoping form: Testing goals and details

  5. Begin adding information about the assets you want to test. Fill out as much information as you can about each asset. To add another asset, click + Add asset in the left sidebar. The asset type you select determines what fields pop up.

    1. Take a look at the fields that appear when you select an asset type to make sure you’ve chosen the correct one.

      Selecting the first asset to scope

      Scoping form showing multiple assets added

    2. Note: The warning symbols on the left indicate that a field was not filled out. If you don't know something, you can continue and come back later.

  6. Click Continue.

  7. Review and submit the form for our team to review.

Tip: If you need to run the same pentest regularly, set a calendar reminder to clone your existing one a couple of weeks before it should start!

Did this answer your question?