Pentest Overview

In a penetration test (pentest), authorized hackers simulate a cyberattack on a specific application to test how secure the application is. HackerOne pentests are performed by select hackers from the HackerOne community with skills and experience that best match your applications in scope.

Note: To take part in HackerOne pentests, contact your account manager.

How it works

The pentest process follows these steps:

  1. Hackers wanting to participate in pentests apply to be a part of the pentester community.
  2. HackerOne reviews all applicants and decides which hackers meet the criteria to join the pentest community.
  3. Hackers who are accepted into the pentest community are able to view available pentest opportunities from programs offering pentests.
  4. When hackers find a pentest they want to participate in, they submit an application to participate in the pentest.
  5. HackerOne looks at all applicants and forms a pentest team.
  6. After testing has been completed, the lead pentester will draft and submit a summary report of their findings.
  7. Once the vulnerabilities have been fixed, the pentest team will retest them to confirm the fixes.

After pentesting has been enabled for your program, your new pentest will be listed on the Pentests tab of your security page.

Edit/View Pentests

To edit or view your pentests:

  1. Go to your program security page.
  2. Click on the Pentests tab.
  3. Select the pentest you want to view. The pentests can be in these different states:

     State       Details
     ----------  ------------------------------------------------------------------------------
     Draft       The pentest is not live and is still being written up.
     Scheduled   The team is selected and the pentest is scheduled to start.
     Running     Pentesters are actively working on the pentest.
     Report due  The testing window has finished but the report is not completed yet.
     Completed   A summary report has been submitted and the pentest is finished.
     Archived    A past pentest that’s no longer active.