New Capabilities Improve Pentesting Efficiency and Efficacy to Increase Attack Resistance

SAN FRANCISCO, September 28, 2022: HackerOne, the leader in Attack Resistance Management, today announced enhancements to HackerOne Pentest, its Pentest as a Service (PTaaS) offering. The updates include self-service capabilities for scoping and launching tests and new automation to streamline the end-to-end pentesting experience on the HackerOne platform. Now, large enterprise customers can more efficiently manage engagements and gain real-time insights from expert pentesters to reduce security risk and improve attack resistance. To date, HackerOne pentesters have submitted over 6,000 valid vulnerabilities.

“HackerOne Pentest solves for the inefficiencies of traditional pentesting solutions,” said Ashish Warty, SVP of Product and Engineering at HackerOne. “Traditional pentests typically take 4-6 weeks to launch and deliver static results once testing completes. HackerOne Pentest’s updated capabilities let customers launch tests within a week and receive in-platform results from pentesters throughout testing engagements.”

Via the HackerOne platform, HackerOne Pentest combines testing, retesting, tester communication, and results analysis for an all-in-one PTaaS experience. New enhancements continue to remove complexity from testing so customers can:

  • Test faster - Easy to purchase annual consumption based on total testing hours, and self-service scoping makes launching and running multiple tests per year easier. 
  • Maintain program efficiency - New automation and self-service capabilities ensure programs stay agile and keep pace with evolving digital security requirements.
  • Reduce risk in real-time - Critical results are delivered as soon as pentesters find them, so customers close their security gap in a shorter time frame and minimize their attack resistance gap faster.

"With HackerOne Pentest, we can orchestrate multiple engagements per year, scope and launch faster, consult with the pentesters in real-time, and get on-demand results,” said Dr. Jasyn Voshell, Director of Product Security at Zebra Technologies. “Plus, we get access to a diverse and talented global community of pentesters for superior outcomes."

HackerOne Pentest is powered by a global community of more than 100 vetted and background-checked testers, ensuring quality, consistent results from each engagement. Each pentester meets strict achievement requirements, including a minimum of three years of professional pentester experience and either OSCP/OSCE/OSWE/CREST certifications or more than 500 HackerOne reputation points, among other requirements.

The enhancements to HackerOne Pentest are available today and build upon HackerOne’s Attack Resistance Management (ARM) solution. ARM closes the gap between what organizations own and what they can protect by continuously improving visibility and remediation across an organization’s evolving attack surface. Learn more about Attack Resistance Management and HackerOne Pentest enhancements during HackerOne’s virtual user conference Security@ October 13.


HackerOne closes the security gap between what organizations own and what they can protect. HackerOne's Attack Resistance Management blends the security expertise of ethical hackers with asset discovery, continuous assessment, and process enhancement to find and close gaps in the ever-evolving digital attack surface. This approach enables organizations to transform their business while staying ahead of threats. Customers include The U.S. Department of Defense, Dropbox, General Motors, GitHub, Goldman Sachs, Google, Hyatt, Lufthansa, Microsoft, MINDEF Singapore, Nintendo, PayPal, Slack, Twitter, and Yahoo. In 2021, HackerOne was named as a ‘brand that matters’ by Fast Company.