Traditional pentesting suffers from a persistent issue: a lack of transparency into the pentest process itself and what’s considered successful. Is success measured in quality of vulnerability reports, speed to launch, or pentester communication? Though pentests are relatively short, numerous factors influence the outcome of an engagement. However, most pentests lack data capture to review customer and pentester feedback.
With that in mind, we’re pleased to announce some enhancements to the pentester feedback ratings and review process. We’ve implemented these product changes to provide greater transparency across pentesters, customers, and HackerOne as well as to better track quality and performance across tests.
1) In-platform pentest ratings
As soon as the testing period is complete, both pentesters and customers are asked to complete a survey. Customers provide feedback on their experience working with the pentesters and on the quality of the final summary report, while pentesters are asked about their experience collaborating with their peers and interacting with the customer.
"Although tech-skills are important, pentests require soft skills in order to exceed customer's expectations,” said Sandipa, a pentester within the HackerOne community. “These skills come from a pentester's previous experience which might not be properly reflected through bounties paid or reputation points. Being able to showcase qualitative feedback from both customers and teammates help highlight professionalism and communication skills."
2) Pentest activity on hacker profiles
Pentesters on HackerOne now have the ability to build their professional reputation on the platform by showcasing their pentest stats like the number of tests completed and by publishing testimonials written by peers and customers on their hacker profiles.
"What I like the most about pentest surveys is that you can make them public,” said Leandro, a pentester within the HackerOne community. “For some hackers, their HackerOne profile is their resume, but most of their best work is under NDA. The surveys make it possible to show the world how you perform in professional engagements with real-world testimonials."
3) 360 feedback loop with customers and testers
Aggregating feedback and data trends allows HackerOne to maintain and improve the quality of our testers, recruit testers to meet customer needs, staff individual pentests, and source techniques for future pentests.
We’re constantly innovating to make our pentest platform more effective than traditional approaches. Our goal with these changes is to provide a feedback mechanism across all parties involved in the pentest engagement to optimize the end-end pentest workflow.
To start a HackerOne Pentest today, or learn more, contact us.