docs/hackers/pentest-overview.md
Lines changed: 15 additions & 12 deletions
@@ -10,35 +10,38 @@ In a penetration test (pentest), authorized hackers broadly test the attack surf
10
10
11
11
### How it works
12
12
Here are the steps outlining the HackerOne pentest process:
13
-
1. Submit an application to participate in the pentest when you find a pentest that matches with your skillset.
14
-
2. HackerOne looks at all applicants and forms the pentest team you’ll be working with. Teams are formed based on skills required for the pentest as well as living in similar timezones and speaking a common language so that teams can best work and communicate together.
15
-
3. The pentest will launch and the team will have 2 weeks to complete the pentest. Reports created during the pentest will be submitted using HackerOne.
16
-
4. After testing has been completed, the lead pentester will draft and submit a summary report of their findings.
17
-
5. Once the vulnerabilities have been remediated, the pentest team will retest the vulnerabilities to make sure they’re fixed.
13
+
1. Apply to be a pentester by submitting the pentest application.
14
+
2. Review the different pentest opportunities that are available.
15
+
3. Submit an application to participate in a specific pentest when you find one that matches with your skillset.
16
+
4. HackerOne looks at all applicants and forms the pentest team you’ll be working with. Teams are formed based on skills required for the pentest as well as living in similar timezones and speaking a common language so that teams can best work and communicate together.
17
+
5. The pentest will launch and the team will have 2 weeks to complete the pentest. Any reports created during the pentest will be submitted using HackerOne.
18
+
6. After testing has been completed, the lead pentester will draft and submit a summary report of the team's findings.
19
+
7. Once the vulnerabilities have been remediated, the pentest team will retest the vulnerabilities to make sure they’re fixed.
18
20
19
21
### Applying for a pentest
20
22
Once you’ve been approved to be a part of the pentest community, you’ll be able to view and apply to different pentest opportunities. You need to apply to participate in each pentest because different pentests require different skill sets, and we want to make sure your experience best matches with the opportunity.
21
23
22
24
To find and apply for pentests:
23
-
1. Go to the Directory.
24
-
2. Select the Pentest tab to view what pentest opportunities are available. For each pentest, you can view:
25
+
1. Go to the **Directory**.
26
+
2. Select the **Pentest** tab to view what pentest opportunities are available. For each pentest, you can view:
25
27
* Dates of the pentest
26
28
* The payout range
27
29
* The number of hours required to complete the pentest
28
-
3. Click Submit 1-click application for the pentest you want to apply to.
29
-
4. (Optional) Click the button again to revoke your application.
30
+
3. Click the **View more and apply** button for the pentest you're interested in.
31
+
4. Click the **Submit 1-click application** to apply for the pentest.
32
+
5. (Optional) Click the button again to revoke your application.
30
33
31
34
> **Note:** Pentests don’t award bounties for any new vulnerabilities found through the pentest. Retests, however, are required for each vulnerability and are included in the financial rewards for the pentest.
32
35
33
-
After you apply, technical program managers will review your application for the pentest and place you on a pentesting team if your skills are a good fit for the program.
36
+
After you apply, HackerOne's technical program managers will review your application for the pentest and place you on a pentesting team if your skills are a good fit for the program.
34
37
35
38
### Submitting a Pentest Check
36
39
Each pentest is comprised of different security checklists that are based on the OWASP top 10 vulnerabilities. Each checklist consists of the top weaknesses that are to be tested.
37
40
38
41
When you’re ready to submit your findings on a weakness type:
39
-
1. Go to Hacker Dashboard > My Pentests.
42
+
1. Go to **Hacker Dashboard > My Pentests**.
40
43
2. Select the pentest you’re currently working on.
41
-
3. Click on Scope
44
+
3. Click on **Scope**.
42
45
4. Select the security checklist for the asset you’re working on.
43
46
5. Click on the weakness you want to submit findings for.
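Review bot: In the "To find and apply for pentests" list, the new step 4 ("Click the **Submit 1-click application** to apply for the pentest.") drops the noun that step 3 uses ("the **View more and apply** button"), and step 5 ("Click the button again to revoke your application.") is now ambiguous because two buttons precede it. Suggest "Click the **Submit 1-click application** button" in step 4, and have step 5 name the button it means rather than "the button". Separately, "How it works" step 1 says "the pentest application" and step 3 says "an application to participate in a specific pentest"; a short qualifier in step 1 would make clear these are two different applications.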