HackerOne Pentest Meets Highest Technical Testing Standards to Simplify Security Compliance for Organizations

SAN FRANCISCO, May 2, 2024: HackerOne, the leader in human-powered security, today announced accreditation by the Council for Registered Ethical Security Testers (CREST) for HackerOne Pentest, its Pentest-as-a-Service (PTaaS) offering. CREST accreditation confirms that HackerOne meets the strict ethical and legal standards of CREST-approved security vendors and offers the most up-to-date skills, strategies, and techniques to comprehensively assess an organization’s cybersecurity posture.

“We are thrilled to welcome HackerOne as a CREST-accredited company,” said Rowland Johnson, president of CREST. “By achieving accreditation for their penetration testing (pentesting) services, HackerOne’s customers can be reassured that they meet the very highest standards. CREST accreditation requires a comprehensive and thorough assessment of business processes, data security, and testing methodologies. This puts HackerOne in a strong position to take full advantage of the growing demand for high-quality pentesting services.”

Key benefits of HackerOne’s CREST-certified PTaaS offering:

  • Industry-approved testing methodologies: HackerOne Pentest meets CREST's comprehensive standards, which align with globally accepted best practices to ensure high-quality, reproducible, and ethical security testing.
  • Pentests driven by CREST-certified professionals: All pentesting engagements are led by full-time HackeOne employees known as technical engagement managers (TEMs), who are CREST-certified and ensure customer needs are met with industry expertise and strong professionalism.
  • Comprehensive pentest support: HackerOne pentesters are thoroughly vetted and equipped to support a wide range of CREST-certified pentesting requirements, from scoping to execution and reporting. Certified testers help organizations meet compliance requirements and align with regulatory frameworks, including ISO 27001, NIST 800-53, and PCI DSS.

“At HackerOne, we’re advocates for efforts that reduce risk for individual organizations and contribute to collective internet security,” said Ilona Cohen, chief legal and policy officer at HackerOne. “CREST accreditation is another clear signal to our customers that they can trust HackerOne, our solutions, and the ethical hacker community to navigate and meet growing regulatory requirements and best practices.”

HackerOne Pentest helps leading organizations, including Adobe, Agoda (part of Booking Holdings), and Wind River Systems, reduce security risk. In November 2023, HackerOne was included in Gartner’s Innovation Insight: Penetration Testing as a Service Report, validating PTaaS as a growing security testing solution for traditionally cautious and highly regulated industries. HackerOne Pentest was also named a Leader in GigaOm’s annual Radar Report in the PTaaS category. To date, HackerOne has helped organizations identify over 400,000 vulnerabilities. HackerOne Pentest helps customers identify 12 vulnerabilities per engagement on average, outperforming traditional pentests. Nearly three-quarters of Pentest customers also report the solution helps them find the most elusive and impactful vulnerabilities.

Learn more about HackerOne’s CREST accreditation here and HackerOne Pentest here.

About HackerOne

HackerOne is the global leader in human-powered security, pinpointing the most critical security flaws across an organization’s attack surface with continual offensive testing to outmatch cybercriminals. HackerOne’s Platform blends the security expertise of ethical hackers with asset discovery, continuous assessment, and process enhancement to reduce threat exposure and empower organizations to transform their businesses with confidence. Customers include Coinbase, General Motors, GitHub, Goldman Sachs, Hyatt, PayPal, and the U.S. Department of Defense. In 2023, HackerOne was named a Best Workplace for Innovators by Fast Company.


CREST is an international not-for-profit, membership body representing the global cyber security industry. Its goal is to help create a secure digital world for all by quality assuring its members and delivering professional certifications to the cyber security industry. CREST accredits over 300 member companies globally and certifies thousands of highly skilled professionals. To ensure currency of knowledge in an ever-evolving technical environment, CREST members and professionals repeat their accreditation and certification every 3 years. CREST works with governments, regulators, academia, training providers, professional bodies, and other key stakeholders globally so that organizations investing in cyber security services can do so with confidence.