How it works

Your Pentest-as-a-Service Marketplace

We deliver and manage pentests via our cloud platform, so you get seamless data & collaboration with our pentest partners.

1. Request a Pentest

Onboard to the PentestHero portal, upload assets, and define what you need for your cybersecurity assessment or pentest. With your project scope in place, all you’ll have to do to start the process is request your pentest directly in the portal. You’ll have options to set parameters, choose compliance and security frameworks like OWASP Top 10, select a start date, and hit send. That’s it. We’ll match you to a pentester and they can get started ASAP. 

2. Scope Call & Quote

Your website and applications are unique. That’s why you’ll have a Scoping video call with your pentest partner to finalize details, ensure project scope and timelines are correct and to ask any questions about the project so your pentest goes as smoothly as possible.  You’ll get a Quote with the full project details, methodology, and price.

3. Onboard Your Team 

Add your teams to the pentest project so they get the notifications and insights they need. PentestHero delivers insights during scoping, setup, and through the project. Plus you can assign roles and responsibilities for the project and ensure stakeholders receive notifications, whether they’re compliance officers or devs responsible for remediation.

4. Testing in Progress…

With everything in place, your pentest will start automatically on the scheduled date. Your Pentest Partner will start testing, scans, and any agreed-upon research and all you have to do is wait for results to start coming in.

5. Vulnerabilities & Reporting

Your pentest partner will start to upload found vulnerabilities directly to the PentestHero portal. All you’ll have to do is log in to see vulnerabilities, export tickets to Jira or other tooling, and to see overviews and metrics for your pentest. Once it’s finished, you can easily see the full report – in the portal or as a PDF to share through your organization. 

6. Remediation & Retesting

PentestHero makes remediation part of your Pentest process with time-to-solve metrics and integrated retesting. Our pentest partners will retest findings on request to ensure vulnerabilities are gone and your properties are secure and that’s free for the first 30 days after your pentest.  Your pentest isn’t over until everything has been resolved.  

7. Ongoing Pentesting

Cybersecurity is an ongoing need. Your organization needs consistent, ongoing penetration testing to ensure you remain safe from threats. That’s why we make scheduling your next pentest part of the existing one, so you stay safe with ongoing security audits.  Whether that’s with the same pentest partner for added security, or a new one for a fresh approach, is up to you. 

On-demand pentesting for every scenario

Work with PentestHero and take advantage of having top pentest firms available, on-demand, with results from every test delivered in the same secure cloud platform for easy insights and tracking.