In Cyver Core, gathering scope and project details is managed through a role-based system using two distinct sections within a project's Scope tab: the Assignment and the Client Request.
To maintain clear boundaries and data integrity:
- The Assignment section is a dedicated workspace strictly for Pentesters.
- The Client Request section is a dedicated workspace strictly for Clients to input their requirements.
This guide explains how these two sections function, how to customize them using Request Forms, and how to collect structured client data regardless of who initiated the project.
1. The Core Workspaces: Assignment vs. Client Request
Every pentest project contains a Scope tab, which houses the scoping workspaces. Their behavior depends on the user's role:
The "Assignment" Section (Pentester-Only)
The Assignment acts as the internal scoping document for the pentester team.
- Permissions: It is only editable by pentesters within the Pentester Portal. Clients cannot edit this section.
- Default Behavior: If no custom form is linked, the Assignment automatically populates with standard default questions (e.g., Pentest repetition frequency, Objectives, Type of Testing, Credentials).
The "Client Request" Section (Client-Only)
The Client Request acts as the official record of what the client requires.
- Permissions: It is only editable by client users within the Client Portal. Pentesters can view the submitted data as a Read-Only record but cannot alter it.
- Visibility: This section becomes active when a Client Request Form is linked to the project.
2. Customizing Scoping with Request Forms
You can completely overhaul the default scoping questions by creating custom Request Forms. There is no separate menu for creating an "Assignment Form" versus a "Client Request Form", all forms are built in the exact same place and assigned later.
Creating Forms
Navigate to Settings > Request Forms and click + New Request Form.
Pentester Portal - New Request Form - Under the Form fields tab, customize your questions. You can toggle visibility, edit titles, and add descriptions.
If you enable a field that requires a selection (like When would you like to start?), you must click Add option to define the available answers (e.g., "Right away", "Next month").
Pentester Portal - Request Form fields
Linking Forms to Pentest Templates
To apply your custom forms, you must attach them to a specific pentest template. Navigate to Settings > Pentest Templates, edit a template, and open the Scope tab:
- Choose an Assignment Request Form: Selecting a form here will override the default Assignment questions with your own custom fields for your pentesters to use.
- Choose a Client Request Form: Selecting a form here defines the questionnaire the client must fill out.
3. Collecting Client Requests (Two Workflows)
Cyver Core decouples the Client Request Form from the project creation method. This means you can collect structured data from clients in two different ways:
Workflow A: Project Requested via Client Portal
- The client logs into the Client Portal, clicks Request Pentest, and selects a Request Form.
- The client is guided through a wizard where they fill out the Client Request Form and select target assets.
- Once submitted, the project is generated in the Pentester Portal. Pentesters can immediately review the client's Read-Only submission in the Scope tab and proceed to fill out their internal Assignment details.
Workflow B: Project Created via Pentester Portal
- A pentester manually creates a new project via the Pentester Portal and selects a Pentest Template that has a Client Request Form linked.
- Once the project is created, the client is notified.
- The client logs into their portal, navigates to the active project's Scope tab, and fills out the Client Request section.
- The pentester can now view the client's submitted data in real-time while maintaining their own separate, pentester-only Assignment workspace.