Pentest Templates allow you to set up every detail of your pentest in advance and then quickly create a pentest with that scope, methodology, compliance norms, report template, etc., in place. The pentest template pulls data from the rest of the platform, defining work and task lists, which reports you're using, and much more. Taking the time to set them up means you can plan a new pentest with just a few clicks or can even allow your clients to request specific pentests based on those templates.
Make sure your Compliance Norms and Report Templates are set up before moving into this step.
You can set up as many Pentest Templates as you like. Some examples of customization might include:
- Different Pentest Templates for different Teams and test types run by your organization
- Pentest Templates personalized to each client
Set Up a New Pentest Template
1. Click Settings on the menu
2. Click Pentest Templates
3. Select + New Pentest Template
4. Name your Pentest Template (Normally after the type of pentest, client, team, etc.)
5. Set Default Pentester Teams to select which teams are normally added to projects set up using this template.
6. Add labels. These allow you to filter pentests using this label. However, you'll have to set up labels separately.
7. Set which team is managing this pentest template
Customize Pentest Templates
You can edit any pentest template at any time.
From the Pentest Templates Menu:
1. Click the ... button under Actions
2. Select Edit
Pentest Template Settings
You can individually edit settings for every pentest template to change the default settings on new projects set up with that template.
Workflow
1. Select Workflow from the menu
2. Choose your Workflow Template
3. Add Checklists. You can add as many as you want
4. Add Benchmarks. You can add as many as you want
Findings
Findings settings allow you to set priorities for pentesters, to add a Findings Field template, to select CVSS versions, and to add any compliance norms you might want to use.
1. Set which types of findings you want to prioritize in pentests of this type
2. Add a findings field template from your database
3. Select which CVSS version you'd like to use for pentests of this type
4. Add compliance norms like OWASP Top 10, MITRE ATT&CK, etc., to the project template. You can use as many as you want.
Report
The report section of your pentest template allows you to customize which report(s) you want to add to your project. Make sure you have pentest report templates set up first.
1. Choose if you want to add one or more pentest reports to the report template. You can add up to three report templates to any project and automatically generate three different reports.
2. Select which report template you'd like to use with pentests of this type
3. Adjust settings, e.g., whether you want to make new finding evidence instances visible in the report when they are imported
4. Optionally add methodology writeups to share with auto-generated reports
5. Choose whether or not to synchronize methodology dates with planning dates in the portal for pentests of this type
Pentester Portal
Here, you adjust which information is visible to pentesters in pentests of this type.
1. Set tabs. The defaults are Team, Scope, Checklist, Benchmark, Findings, Insights, Report, Files, Messages, Planning, and Proposal. You can remove any of these.
2. Create columns and default sorting options
You can update views and columns at any time when viewing the pentest. This merely sets default views.
Client Portal
This portal allows you to set up project-specific dashboards for the client, so that they can see project scope, benchmarks, insights, etc. You may want these views to match pentester views or to highlight specific parts of the portal.
In addition, you can set whether clients can:
- Upload findings
- Report/raise findings
Notifications
Set notifications for all pentests created using this project template. Here, you can individually turn client/pentester notifications off and on and individually select which notifications are received.
- New findings
- Finding status updated
- Finding severity updated
- New comment on finding
- New internal comment on finding
- Assigned to a finding
- Pentest created
- Pentest status updated
- New message on pentest
- New internal message on pentest
- Added to a pentest
- Pentest workflow task updates
- Assigned to a workflow task
- Assigned a task
You can always edit these settings later or allow users to edit their own notification settings.
Quotes / Proposal
Quotes allows you to link a proposal template from your database to your pentest project. This means that when you create the project or a client requests a pentest, you automatically add the correct proposal with tokens, client information, and pricing.
Custom Fields
Choose from any custom fields you have set up to add new project fields in search.
Learn more about Custom Fields here.