FAQ

Learn more about our services, offerings, and our team. Have a question that’s not on the list? Feel free to get in touch, we’re happy to help. 

Why PentestHero?

What does partnering with PentestHero really mean for you?

How is PentestHero Different?

PentestHero employs the same (or better) ethical hackers and consultants as every other security firm. Why hire us instead of them?

Good question! PentestHero offers a combination of stellar pentesting, delivered by our carefully selected team of security consultants through a cutting-edge cloud platform that’s designed to deliver better quality services. (Whoa, that was a mouthful.) We’re smart, we’re witty, and we’re here to help you protect your online business in every way we can. And, with Pentest-as-a-Service, we’re here to stay with automatically rescheduled pentests.

That leads us to our next question:

What is Pentest-as-a-Service?

Pentest-as-a-Service is a relatively new term, but one we believe will be the future of our industry. As-a-Service means having a personalized service delivered at scale to your business by a third party on an ongoing basis. Think about your favorite accountancy apps or your favorite “drive” word processor service. And that’s how we deliver pentests.

Sign up and we’ll partner with you to offer ongoing pentests, delivered in the cloud, via an intuitive, modern dashboard. We schedule new pentests as part of the current one, so you always stay up-to-date and always stay secure.

How Does PentestHero Ensure Reporting Quality?

PentestHero works hard to ensure we employ quality, dedicated pentesters. We look for hackers, security consultants, and experts with proven experience, an eye for detail, and creative, out-of-the-box thinking. But, our hiring process is just one way we work to ensure the quality of the data we receive.

Frameworks – All pentests are handled using security frameworks such as OWASP10, ISAE3402, ASVS, and others. You can see what we are checking, why, and when it’s tested.

Auto-Imports – Data is automatically imported from tools, removing manual and human error. What you see is what the security consultant sees. 

Deliverables that Make Sense – No more sifting through lengthy PDFs. Our reports are delivered in real time via our cloud platform, as individual work items.

Who Are Your Pentesters?

We hire for creativity, talent, and expertise. When it comes down to it, we need to be able to say, “Our hackers are better”, because that’s how we keep you safe. 

The PentestHero Platform 

Fully secure pentesting in the cloud. Great? Now, how does it work? 

Can I See the Platform Before Requesting a Pentest?

Yes! Contact us to request your free demo.  

How Does PentestHero Secure Data?

The PentestHero platform is fully encrypted using 3DES standards. In addition, we work to ensure that all activities on our platform are fully secure.

We screen new users as part of an onboarding process, require strong passwords during account creation, and utilize strong third-party pentesting for our own site. We utilize secure third-party hosting through Amazon’s Azure service, with additional layers of security to ensure your data is safe. 

How Does PentestHero Deliver Reports?

Moving to our cloud platform means intrinsically changing how you receive Pentest reports. As pentesters and as customers of pentesters (we need security too), we understand how frustrating the reporting process is. Emails and lengthy PDF reports are inconvenient and insecure.  

That’s why we deliver pentest reports in real-time, through the cloud, via our encrypted platform. When you sign up, you onboard relevant developers, link them to roles, and we do the rest.  

When pentest results come in, we automatically upload them to the platform and assign them to your team as work items. Every finding is listed separately, with developer and hacker comments, proof of concept screenshots, and relevant data. Your team can talk with our pentesters in real time, via a completely secure interface.  

And, when you’re ready to update non-tech stakeholders, everything seamlessly exports to beautiful PDF reports, complete with overviews, threat analysis, and custom risk profiles for your organization.  

Our Process

What is working with PentestHero like?

What is Your Scoping Process Like?

You begin the scoping process, informing us of what you want tested, how, and why. We offer grey-box, white-box, and black-box testing, across the full scope of your web and digital properties. You can choose to implement your pentest inside one of our existing frameworks, or fully customize the scope to meet specific needs and specific penetration test goals.  

What is Your Testing Process?

PentestHero uses a combination of deep scans using automated testing and full manual assessment and testing. Methods, tooling, and approach will depend on your project scope. You will see what we test and how via the platform.  

Can I Communicate with the Pentester?

Yes. Developers can directly communicate with pentesters to ask questions, request clarification, or automatically request a re-audit of remediated findings. Every finding includes a comments page, where stakeholders can communicate directly with pentesters in real time.  

What are Pentest Credits?

PentestHero scraps traditional budget cycles, empowering devs and design teams to conduct their own pentests. Simply budget pentesting for the whole year, buy credits, and deliver them to dev teams. Developers can then plan and launch their own pentest cycles around application changes and updates, without delays and bottlenecks of finance and budgeting.

How Many Credits Do I Need?

PentestHero uses a simple pricing scheme. We factor in the complexity and size of your website alongside the security level of a scan to determine how many credits you need. Simple websites start at 1 credit. Check our table here for more information.

Are Credits Refundable?

No. All credits are final sales. You may qualify for a refund if work is undeliverable or otherwise unsatisfactory, in line with our Terms of Service. Otherwise, all credits are seen as a pentest purchase, and are delivered with volume-based discounts based on pre-sales. If you have more questions, contact us. 

How secure is your organization?