Create, manage, and update Pentests from the “Pentests” tab on the left-hand menu. Cyver Core uses building blocks like “Compliance Norms”, “Pentest Templates”, and client “Assets” to automate Pentest setup. Once your basics are in place, you can set up a pentest complete with methodology, scope, and checklists in just a few clicks.
Starting New Pentests
New Pentests can be requested by the pentester or by the client. They will launch with the status “Requested”, meaning that one of the two parties involved has not yet approved the Pentest.
1. Click “Clients” from the left-hand menu
2. Select the client you would like to set up a Pentest for
3. Click “Pentests” in the client menu
4. Click “+ New Pentest”
5. Name the Pentest
6. Set a Pentest Code
7. Set Pentest Status (Default is “Requested”)
8. Choose a Pentest Template from your list of prepared templates
9. Click “Save”
If you'd like to further edit the pentest, click on it from the list of pentests for that client. Here, you can make changes to the default template. For example, the pentest template determines pentest lead, the team, and the scope. You can always edit this data by clicking "Actions" and choosing "Edit".
Click on the new Pentest from the list:
- The new Pentest will automatically import settings from the Pentest Template you select, linking in Compliance Norms. You can choose to manually add more using “Checklists”
- Team – Team includes all roles assigned to the Pentest. Invite more to add colleagues to work on the Pentest, client teams to receive alerts, or stakeholders to monitor results
- Scope – Scope includes client assets, methodology, and assignment data.
-
-
- Methodology – Specify methodology for the Pentest. Add start/end dates, import existing Checklists, add Compliance Norms, or write out custom methodology for the client.
-
-
- Assignment – Client data added during Pentest setup. Pentesters cannot edit this.
-
- Assets – You can manually add these by clicking, “Select Assets” to choose existing “Assets” assigned to the Client. If the required Assets are not in place, click, “Create & Manage Assets” and then click “+ New Asset”. Assets are unique per client and cannot be reused across clients. Pentesters and Clients can add and edit Assets.
- Checklist – Checklists automatically import Pentest Checklists chosen during Pentest setup. However, you can manually add individual Tasks to the Pentest. Click “+ New Task” to do so.
-
-
- Assigning Tasks – Scroll to the desired task. Click “...” Under “Actions”, click “Edit” and scroll down. Add a Pentester. This Task is not visible in their “My Tasks” on their Portal. The Pentester can assign a status to the Task as they complete the work.
-
- Findings – All Findings are visible here. Click “Import/Export” or “+New Finding” to add some.
- Insights – This includes dashboard data for the Pentest
-
- Summary – Complete Summary with Total Findings and Risk Analysis
-
-
-
-
- Assets – Findings are mapped to assets
-
-
-
-
- Compliance – Findings are mapped to Compliance Norms
-
-
- Solve Time – Solve Time maps findings by severity and total open days, giving clients an overview of when vulnerabilities become critical.
- Report – Generate, view, and download the Pentest Report. Reports are auto-generated using Report Templates and Project Data. Report Data is only editable from the Report Template
- Files – All files attached to the Pentest.
- Messages – Messages includes a total overview of project communication. This includes:
-
- Communication on individual Findings
-
- Client to Client communication (Not Visible to Pentester)
-
- Pentester to Pentester communication (Not Visible to Client)
-
- Pentester/Client communication (Visible to everyone)
To Add Findings
Findings can be imported/exported via CSV, XML, or Excel. You may also manually add findings.
Click here to learn how to manually add findings
Click here to learn how to automatically import findings
Comments:
Pentesters and Clients can communicate on the Finding via the Comments. These comments are encrypted.
- Tag usernames
- Upload screenshots and files
- Share private communication to other Pentesters
Update Finding Status
The Pentester and the Client can update the Finding Status at any time. There are multiple ways to update Finding Status:
Click here to learn more about editing Findings
Team
You may assign team members to the Pentest.
The Client may assign their own team members to the Pentest.
These assigned team members will receive updates and notifications when findings are published, Pentest status changes, etc.
To Add a Team to the Pentest:
- From the Relevant Pentest click "Actions" and choose "Edit"
- Scroll down to "Teams"
- Select an existing Team from the menu
To Add a Team Member:
Click “+ Select User”
Choose an existing user
If you want to add a user who is not yet in the system, click “+ Manage Client Users” instead
Report
You can generate a Report at any time by clicking "Report" in the Pentest Menu and "Generate Report" in the Pentest Report menu.
You may customize this before publishing. The Client will not see the Report until you move it to “Published”. Click here to learn how.