Sean Ryan

HackerOne Announces a New Customer Pentest Setup that's More Efficient and Speeds Time to Launch

HackerOne Blog

HackerOne announces an improved customer setup experience for pentest engagements. Your organization will now benefit from a more consistent and standardized process for launching pentests, with a self-service setup form to add engagement details, gain real-time visibility of the funding status, and track your start date and timeline. 

This improved experience reduces time to launch, which is vital when your organization is up against an urgent timeline to complete a pentest due to a recent acquisition, a security breach, compliance deadlines, or other drivers. Our expert Technical Engagement Managers will assist your team by providing high-value consulting such as planning, refining the scoping of tests, assigning resources, and addressing unforeseen challenges. 

One issue with traditional pentests is setup time—typically at least two to three weeks, and the entire process is inherently complex and manual. It often requires scheduling multiple calls with the provider to define the engagement. If your team has contracted an outside firm for a pentest, the experience is likely similar to this:

  1. Scope the engagement to determine which assets and functions need testing, and the required coverage for large, complex assets.
  2. Use an ad-hoc process for customer setup activities such as securing the funding and setting time and location preferences.
  3. Go through some form of back-and-forth communication with the provider to resource and schedule the pentest, costing your team valuable time.
  4. Finally, provide access to the assets to be tested (credentials, firewalls, etc.).

 

Compare this to HackerOne’s new self-service setup process that provides:

  1. A completed scoping form upon login.
  2. A standardized intake form to confirm the rewards funding status (or credit card payment option) and location preferences. And for added flexibility, an email invitation for colleagues to help fill in the correct information.
  3. A way to add asset details (including how pentesters will access the assets and how credentials are provided) directly and securely through our platform.
  4. A method to finalize the testing period and start date. 

These improvements give your team more control to initiate pentests on schedule and shorten the pre-launch phase of your pentest engagements. The new process is shown in Figure 1 below:

Figure 1: HackerOne’s new self-service setup form for pentest engagements

Our self-service setup form eliminates the friction and delays common in manual processes. Organizations like Hired, the career platform for matching tech talent with innovative organizations, launched a pentest with HackerOne in one week—a difficult timeline to meet with a traditional pentesting provider. 

Frequent pentesting is a security best practice that can drive down exploitability in new software and cloud environments, but long setup times and inadequate tester interaction can limit effectiveness. HackerOne Pentests report on vulnerabilities as they are found. Your team has direct communication with testers and can begin remediating vulnerabilities without waiting for a final report. Combined with a single-week setup, pentests are completed faster, allowing you to test more frequently and improve efficiencies. For more information on improving pentest results and security outcomes working with hackers, visit HackerOne Assessments.

HackerOne Assessments is a key component of HackerOne Attack Resistance Management that helps your organization protect an ever-expanding attack surface. Contact us to learn more about how to achieve attack resistance with HackerOne Assessments.
