Every Pentest is shared using a “Status”. Statuses affect what can be done in the Pentest, who can see the Pentest, and how the Pentest shows up to Pentesters and Clients. The Pipeline Wizard automatically updates Pentest Status as Pentesters and Clients mark tasks as completed. It’s also possible to manually update the Status.
Currently, Cyver Core supports 8 Pentest Status options.
- Requested – The Pentest has been requested and is pending approval. This is the default status for a new Pentest. Pentests can be created by Client and Administrator roles.
- Scheduled – The Pentest has been accepted by both organizations involved and has been scheduled into the backlog, but Pentesters are not assigned Tasks. Scheduled Pentests are visible to Client, User, and Pentester roles.
- Onboarding – The Pentest is kicking off. Pentesters receive alerts of new Tasks and timelines. Tasks and Pentests move into the Pentester’s “My Tasks” in the portal. Any scheduled meetings take place. The client delivers access and permissions needed for onboarding.
- In Progress – Most active work is Pentester-related. Pentesters see open Tasks and Objectives in their Cyver Core portal. Pentesters can update these Tasks as they are completed. Clients see Task status and any published Findings.
- Remediation – Pentesters have finalized and published Findings related to Tasks. Remediation marks the Pentest as complete. All open Tasks are moved out of the Pentester’s backlog. Client and User Roles see related Tasks in their Cyver Core portal along with any published Findings and developer information.
- Offboarding – The Client signals they are happy with the work. Pentesters wrap up the Pentest, return permissions, and schedule a follow-up Pentest for the Client at a later stage. You can generate reports from this stage.
- Done – The Pentest is marked as completed and no open Tasks or Findings show for either the Pentester or the Client. This remains in the system unless deleted. Finalized Pentests are visible to all users. This allows Pentesters and Clients to access and use past Pentest data.
- Cancelled – The Pentest has been cancelled by the Client or the Pentester. All Tasks become inactive. Cancelled Pentests are visible to Client, User, and Pentester roles.
Status updates make it easier to manage Pentests, their progress, and who is responsible for next steps at any given time. Status updates also change who can see Findings and Tasks, and in what context.
Pentest Workflow
The Pentest Workflow uses a series of Checklists to guide Pentesters and Clients through the steps of each Status.