This repository has been archived by the owner on Nov 20, 2023. It is now read-only.

Merge pull request #1178 from Hacker0x01/pentest-docs-updates
Additional Pentest Doc Updates
jessiwright authored Oct 2, 2023
2 parents 41a7648 + 7e0e58c commit 8f4eb27
Showing 8 changed files with 130 additions and 59 deletions.
Binary file modified docs/organizations/images/pentest-engagement-process.png
10 changes: 5 additions & 5 deletions docs/organizations/pentest-deliverables.md
Expand Up @@ -7,20 +7,20 @@ id: "organizations/pentest-deliverables"
HackerOne Platform is a crucial component for delivering an engaging customer experience for the penetration test. We encourage you to use the platform and progress findings while the pentest is in progress, interact with the pentesters, and request any retests.

At the end of the engagement, you will receive the following documents:
- A final PDF report that serves as comprehensive documentation reflecting the assessment's findings and recommendations for remediation. The report is meant to be shared with both technical and non-technical stakeholders. Key components of this report include:
- Executive Summary
- **A final PDF report** that serves as comprehensive documentation reflecting the assessment's findings and recommendations for remediation. The report is meant to be shared with both technical and non-technical stakeholders. Key components of this report include:
- **Executive Summary**
- An overview of the penetration test.
- A summarized assessment of the in-scope asset's security posture.
- Technical Summary
- **Technical Summary**
- Summary of the most severe and most prevalent findings, along with actionable recommendations.
- Tabular and graphical representation of vulnerabilities identified by severity, along with their respective CVSS score, applicable CWE and current retesting status.
- Appendices
- **Appendices**
- Scope of the engagement
- HackerOne's Security Checklists
- HackerOne's Methodology and Approach
- Tools leveraged to perform the engagement.
- Testing team, including the contact information for the assigned Technical Engagement Manager (TEM).
- A Letter of Attestation that confirms the authenticity and scope contained with the pentest report.
- **A Letter of Attestation** that confirms the authenticity and scope contained with the pentest report.
- Customers typically use this short-form document to demonstrate to third parties that they have engaged in pentesting activities, without disclosing detailed information about vulnerabilities.

> ℹ️ **Note:** Once all reported findings in the pentest are retested and deemed fixed by the pentester, you can request to receive a final pentest report indicating the retesting status as “Fixed”.
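Review bot: The Letter of Attestation bullet keeps a typo from the line it replaces: "confirms the authenticity and scope contained with the pentest report" should read "contained within the pentest report". While touching this list, the Appendices sub-items are inconsistent in punctuation ("Scope of the engagement" has no period, "Tools leveraged to perform the engagement." does); pick one convention for the sibling items.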
42 changes: 32 additions & 10 deletions docs/organizations/pentest-delivery.md
Expand Up @@ -8,13 +8,35 @@ HackerOne has redefined [traditional pentesting](https://www.hackerone.com/penet

The PTaaS approach goes beyond just finding vulnerabilities. Engaging with our selected pentesters offers valuable insights and learning opportunities for security teams, enhancing application security and validating fixes.


| | |
|-----------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| **Instant Results** | Get real-time vulnerability alerts and act fast. No more waiting for weeks to understand your security posture. |
| **Direct Expert Access** | Engage with professional pentesters sourced from a global talent pool, driven to uncover hidden vulnerabilities.<br /><br />Count on HackerOne's Technical Engagement Managers (TEMs) to oversee and ensure seamless test execution. |
| **Complete Control & Visibility** | Use the HackerOne platform to oversee multiple pentest engagements. Monitor every detail from the initiation to completion.<br /><br />Get a comprehensive view of both utilized and remaining testing hours. Clone previous pentests or base new ones on similar assets. |
|**Seamless Communication**| Reach out to pentesters and TEMs in real time via the platform or Slack for any queries, clarifications, or added context. |
|**Comprehensive Reporting**| Obtain a detailed report inclusive of recommendations, tester profiles, assessed scopes, and more at the end of each pentest.<br /><br />Store your reports on the HackerOne platform and access them any time post-testing. |
|**Customized Summaries**| Download an in-depth summary or a concise attestation tailored for your audience. |
|**Platform Integrations**| All of our existing integrations apply for HackerOne Pentest including Jira, Gitlab, Github, ServiceNow, and many more. See a full list [here](/organizations/supported-integrations.html). |
<table>
<tbody>
<tr>
<td nowrap><b>Instant Results</b></td>
<td>Get real-time vulnerability alerts and act fast. No more waiting for weeks to understand your security posture.</td>
</tr>
<tr>
<td nowrap><b>Direct Expert Access</b></td>
<td>Engage with professional pentesters sourced from a global talent pool, driven to uncover hidden vulnerabilities.<br /><br />Count on HackerOne's Technical Engagement Managers (TEMs) to oversee and ensure seamless test execution.</td>
</tr>
<tr>
<td nowrap><b>Complete Control & Visibility</b></td>
<td>Use the HackerOne platform to oversee multiple pentest engagements. Monitor every detail from the initiation to completion.<br /><br />Get a comprehensive view of both utilized and remaining testing hours. Clone previous pentests or base new ones on similar assets.</td>
</tr>
<tr>
<td nowrap><b>Seamless Communication</b></td>
<td>Reach out to pentesters and TEMs in real time via the platform or Slack for any queries, clarifications, or added context.</td>
</tr>
<tr>
<td nowrap><b>Comprehensive Reporting</b></td>
<td>Obtain a detailed report inclusive of recommendations, tester profiles, assessed scopes, and more at the end of each pentest.<br /><br />Store your reports on the HackerOne platform and access them any time post-testing.</td>
</tr>
<tr>
<td nowrap><b>Customized Summaries</b></td>
<td>Download an in-depth summary or a concise attestation tailored for your audience.</td>
</tr>
<tr>
<td nowrap><b>Platform Integrations</b></td>
<td>All of our existing integrations apply for HackerOne Pentest including Jira, Gitlab, Github, ServiceNow, and many more. See a full list <a href="/organizations/supported-integrations.html">here</a>.</td>
</tr>
</tbody>
</table>
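Review bot: The HTML table uses the obsolete `nowrap` attribute on every first-column `<td>`; in HTML5 that is `<td style="white-space: nowrap">`, and some markdown/MDX pipelines warn on or drop unknown attributes. In raw HTML the ampersand in `<b>Complete Control & Visibility</b>` should be written `&amp;`. Also, "Gitlab, Github" in the Platform Integrations row carries the product-name casing error over from the old markdown row ("GitLab, GitHub"), and the two blank lines above the table can be collapsed to one.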
2 changes: 1 addition & 1 deletion docs/organizations/pentest-methodology.md
Expand Up @@ -4,7 +4,7 @@ path: "/organizations/pentest-methodology.html"
id: "organizations/pentest-methodology"
---

HackerOne's testing methodologies are grounded in the principles of the OWASP Top 10, Penetration Testing Execution Standard (PTES), Open Source Security Testing Methodology (OSSTM), and are tailored to various assessment types including Web Application, API, Mobile (iOS and Android), External Network, and Internal Network.
HackerOne's testing methodologies are grounded in the principles of the [OWASP Top 10](https://owasp.org/www-project-top-ten), [Penetration Testing Execution Standard (PTES)](https://pentest-standard.readthedocs.io/en/latest/), [Open Source Security Testing Methodology (OSSTM)](https://www.isecom.org/OSSTMM.3.pdf), and are tailored to various assessment types including Web Application, API, Mobile (iOS and Android), External Network, and Internal Network.

Our methodology is more than just a list of best practices; it's a dynamic, continuously-evolving approach that ensures comprehensive and deep coverage for each engagement. This approach stems from:

2 changes: 1 addition & 1 deletion docs/organizations/pentest-pentesters.md
Expand Up @@ -4,7 +4,7 @@ path: "/organizations/pentest-pentesters.html"
id: "organizations/pentest-pentesters"
---

Our pentesters belong to the most prestigious segment within HackerOne, highly esteemed by both testers and the customers they support. Emerging from a broader security researcher network, these experts rise to the top due to their extensive experience in security testing, specialized technical skills, and consistent professionalism. They possess wide-ranging expertise, encompassing web apps, APIs, cloud-to-mobile pentesting, and in-depth knowledge of compliance frameworks, allowing them to conduct thorough audits.
[Our pentesters](https://www.hackerone.com/sites/default/files/2023-09/HAC_Pentester%20Community_L1R3.pdf) belong to the most prestigious segment within HackerOne, highly esteemed by both testers and the customers they support. Emerging from a broader security researcher network, these experts rise to the top due to their extensive experience in security testing, specialized technical skills, and consistent professionalism. They possess wide-ranging expertise, encompassing web apps, APIs, cloud-to-mobile pentesting, and in-depth knowledge of compliance frameworks, allowing them to conduct thorough audits.

HackerOne selects, verifies, and onboards pentesters for each engagement to guarantee the right talent fit and the most effective results. Here is the strict recruitment process followed by the team:

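Review bot: The new link on "Our pentesters" points at a dated, versioned PDF path (`/sites/default/files/2023-09/HAC_Pentester%20Community_L1R3.pdf`), which is likely to break when the file is revised; prefer a stable landing page, or at least say in the link text that it is a PDF brochure so readers know what to expect. The surrounding sentence also reads oddly: "cloud-to-mobile pentesting" looks like it was meant to be a list ("cloud and mobile pentesting"), which this change could tidy while it edits the line.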
0 comments on commit 8f4eb27