Frequently Asked Questions
Everything you need to know about Hacker Bot.
Everything you need to know before running Your First Attack Free.
Security & Privacy
How do you protect my scan data?
All data is encrypted at rest (AES-256) and in transit (TLS 1.3). We operate on a need-to-know basis internally, with strict access controls. Scan data is automatically purged after your retention period expires.
Do you store my source code?
No. We never store your source code. For authenticated scans requiring credentials, we use secure vaults with automatic rotation. All sensitive data is encrypted and isolated per customer.
Can I get a DPA or security questionnaire?
Yes. Enterprise customers can request a Data Processing Agreement, and we provide completed security questionnaires (CAIQ, SIG, VSA). Contact enterprise@hackerbot.io for these documents.
Technical
What languages and frameworks do you support?
We test the running application, not source code, so we support any web application regardless of language or framework. This includes React, Vue, Angular, Node.js, Python, Ruby, Go, PHP, .NET, Java, and more.
Can you test mobile apps?
We test the API backends that mobile apps communicate with. For the mobile app binary itself, we recommend specialized mobile security testing tools, though we can provide referrals.
How do authenticated scans work?
You provide credentials or session tokens through our secure credential vault. We use these to test authenticated portions of your application, simulating what a logged-in attacker could do.
Can I exclude certain endpoints?
Yes. You can configure exclusions by URL pattern, parameter, or method. Common exclusions include logout endpoints, payment processors, and third-party widgets.
Do you support GraphQL?
Yes. We have specialized testing for GraphQL APIs, including introspection analysis, query depth attacks, batching vulnerabilities, and authorization bypass attempts.
Billing & Plans
Can I change plans anytime?
Yes. You can upgrade or downgrade at any time. Upgrades take effect immediately with prorated billing. Downgrades take effect at your next billing cycle.
What payment methods do you accept?
We accept all major credit cards (Visa, Mastercard, American Express) and can arrange invoicing for annual Enterprise contracts. We use Stripe for secure payment processing.
Is there a free trial?
Yes. All plans include a 7-day free trial with full access. No credit card required to start. You can also run Your First Attack Free without signing up.
Do you offer discounts for startups?
Yes. We offer 50% off for the first year for startups in recognized accelerators (YC, Techstars, etc.). Contact us with proof of enrollment.
What happens if I exceed my scan limits?
We'll notify you when you're approaching limits. You can upgrade anytime, or scans will pause until your next billing cycle. We never charge overage fees without explicit approval.
Integration & Workflow
How does the GitHub integration work?
Connect your repo, and findings appear as GitHub Issues with full context. You can also run scans from GitHub Actions, block PRs with critical findings, and auto-close issues when vulnerabilities are fixed.
Can I integrate with Jira?
Yes. We support bidirectional Jira sync—findings create tickets, and status updates flow back. We also integrate with Linear, Asana, and other project management tools.
Do you support CI/CD pipelines?
Yes. We provide GitHub Actions, GitLab CI, and generic webhook integrations. You can fail builds on critical findings or run scans on every deploy.
Can I export reports?
Yes. Export findings as PDF, JSON, CSV, or SARIF format. Reports include executive summaries, technical details, and remediation guidance suitable for different audiences.
Still have questions?
Can't find what you're looking for? We're here to help.