FAQ

Learn More about our Pentest Marketplace

Learn more about our services, offerings, and our Partners. Have a question that’s not on the list? Feel free to get in touch, we’re happy to help.

Why PentestHero Marketplace?

What does partnering with PentestHero really mean for you?

How is PentestHero Different?

PentestHero relies on a network of ethical hackers and consultants. Why work through our marketplace?

Good question! PentestHero offers a combination of carefully selected pentest and security consultant partners and pentest-as-a-service delivered through a cutting-edge cloud platform, Cyver Core. We enable pentest-as-a-service delivery, while giving you access to your choice of top ethical hackers, without changing your pentest portal or delivery methods.

That leads us to our next question:

What is Pentest-as-a-Service?

Pentest-as-a-Service is a relatively new term, but one we believe will be the future of our industry. As-a-Service means having a personalized service delivered at scale to your business by a third party, on an ongoing basis. Think about your favorite accountancy apps or your favorite “drive” word processor service. That’s how we deliver pentests.

Sign up and we’ll partner you with a pentest team that makes sense for you, offering ongoing pentests delivered in the cloud via an intuitive, modern dashboard. We schedule new pentests as part of the current one, so you always stay up-to-date and always stay secure. And, if your scope, needs, or preferences change, you can always add another pentester to deliver those services for you. You’re not bound to work with one team.

How Does PentestHero Ensure Reporting Quality?

PentestHero works hard to ensure we partner with quality, dedicated pentesters. We look for hackers, security consultants, and experts with proven experience, an eye for detail, and creative, out-of-the-box thinking. But, our Partner process is just one way we work to ensure the quality of the data we receive.

Frameworks – All pentests are handled using security frameworks such as OWASP10, ISAE3402, ASVS, and others. You can see what we are checking, why, and when it’s tested.

Auto-Imports – Data is automatically imported from tools, removing manual and human error. What you see is what the security consultant sees.

Deliverables that Make Sense – No more sifting through lengthy PDFs. Our reports are delivered in real-time via our cloud platform, as individual work items. In fact, every vulnerability is delivered as a ticket, which you can import to Jira.

Who Are Your Pentesters?

PentestHero relies on a network of proven pentest firms and ethical hackers. We match the security consultants in our network to our clients on a case-by-case basis, so your pentest partner is always the best fit for your specific cybersecurity needs.

We look for creativity, talent, and expertise. When it comes down to it, we need to be able to say, “Our hackers are better”, because that’s how we keep you safe.

The PentestHero Platform

Fully secure pentesting in the cloud. Great? Now, how does it work?

Can I See the Platform Before Requesting a Pentest?

Yes! Contact us to request your free demo.  

How Does PentestHero Secure Data?

PentestHero Core is fully encrypted using 3DES standards. In addition, we work to ensure that all activities on our platform are fully secure.

We screen new users as part of an onboarding process, require strong passwords during account creation, and utilize strong third-party pentesting for our own site. We utilize secure third-party hosting through Amazon’s Azure service, with additional layers of security to ensure your data is safe. 

How Does PentestHero Deliver Reports?

Moving to our cloud platform means intrinsically changing how you receive Pentest reports. As pentesters and as customers of pentesters (we need security too), we understand how frustrating the reporting process is. Emails and lengthy PDF reports are inconvenient and insecure.  

That’s why we deliver pentest reports in real-time, through the cloud, via our encrypted platform. When you sign up, you onboard relevant developers, link them to roles, and we do the rest.  

When pentest results come in, we automatically upload them to the platform and assign them to your team as work items. Every finding is listed separately, with developer and hacker comments, proof of concept screenshots, and relevant data. Your team can talk with our pentesters in real time, via a completely secure interface.  

And, when you’re ready to update non-tech stakeholders, everything seamlessly exports to beautiful PDF reports, complete with overviews, threat analysis, and custom risk profiles for your organization.  

I'm a Pentester, Can I Use the Platform?

Yes! We developed PentestHero Core to help modernize pentesting. It would be a shame to keep it to ourselves. Visit our sister website at core.pentesthero.cyver.io to learn more.

Our Process

What is working with a pentester via the PentestHero Marketplace like?

What is Your Scoping Process Like?

You begin the scoping process, informing us of what you want tested, how, and why. We can leverage our network to meet almost any pentest and cybersecurity need. You can choose to implement your pentest inside one of our existing frameworks, or fully customize the scope to meet specific needs and specific penetration test goals.  

What is Your Testing Process?

PentestHero relies on a network of penetration testers and cybersecurity consultants. Their methodology will vary depending on your needs and their specializations. Methods, tooling, and approach will depend on your project scope. You will see what we test and how via the platform.  

Can I Communicate with the Pentester?

Yes. Developers can directly communicate with pentesters to ask questions, request clarification, or automatically request a re-audit of remediated findings. Every finding includes a comments page, where stakeholders can communicate directly with pentesters in real time.  

Our Pricing

What does a Pentest cost? Do we charge more for using the marketplace? And, what is our credit system? Keep reading to find out.

What are Pentest Credits?

PentestHero scraps traditional budget cycles, empowering devs and design teams to conduct their own pentests. Simply budget pentesting for the whole year, buy credits, and deliver them to dev teams. Developers can then plan and launch their own pentest cycles around application changes and updates, without delays and bottlenecks of finance and budgeting. Best of all, pricing stays the same, even if you switch pentesters or work with more than one cybersecurity team. 

What do Credits Cost?

Credits are 329 EUR each. We also offer volume discounts.

How Many Credits Do I Need?

The PentestHero Marketplace uses a simple pricing scheme. We factor in the complexity and size of your website alongside the security level to determine how many credits you need. Simple web application pentests start at 2 credits. If you’re not sure what you’ll need, schedule a call with us and we can help you set a budget. 

Are Credits Refundable?

No. All credits are final sales. You may qualify for a refund if work is undeliverable or otherwise unsatisfactory, in line with our Terms of Service. Otherwise, all credits are seen as a pentest purchase, and are delivered with volume-based discounts based on pre-sales. If you have more questions, contact us.

How Long are Credits Valid?

Credits remain valid for 2 years after purchase. Unfortunately, there is no refund for expired credits. However, we will recommend a credit purchase based on your total volume of usage over a 1-year period. If you’d like to maximize your volume discount, we recommend looking at your pentesting schedule for a maximum of a two-year period.

Can I Upgrade My Pentest?

What if you want to upgrade from a Level 1 to a Level 2 pentest? Contact us to let us know. We’ll prorate the cost of the current pentest with the cost of the new one – so upgrades are as efficient as possible.

Is Retesting Included in the Cost?

All pentesters on the PentestHero Marketplace factor retesting into their initial rates. This means that the upfront budget includes a single round of retesting, within 30 days of the initial pentest. Developers can request retests directly through the platform, for truly collaborative pentesting.

Can I Get a Volume Discount?

Yes! Cut costs across large projects with volume credit discounts. Organizations with multiple digital assets or those budgeting for the year can commit to a larger number of pentests at once, allowing us to offer a volume discount, so we fit better into your budget and cybersecurity cycles. 

Am I Paying for the Platform?

No. We offer platform access as a free service to all our clients. We pay for the platform by offering it as a premium application for other pentesters who also want to deliver Pentest-as-a-Service on our marketplace. 

What Billing Methods Do You Accept?

You pay your PentestHero Marketplace bill with Stripe, which offers secure payment processing. We accept most popular payment forms including credit and debit cards, SEPA debit, iDEAL, bank transfer, and more. We also use IBAN bank transfers in supporting regions. PentestHero will pay your pentesters ourselves, so you always have the same invoice no matter which pentesters you work with.