Create, manage, and update Pentests from the “Pentests” tab on the left-hand menu. Cyver Core uses building blocks like “Compliance Norms”, “Pentest Templates”, and client “Assets” to automate Pentest setup. Once your basics are in place, you can set up a pentest complete with methodology, scope, and checklists in just a few clicks.
Starting New Pentests
New Pentests can be requested by the pentester or by the client. When requested by the client via Client Portal, it will launch with the status “Requested”, meaning that one of the two parties involved has not yet approved the Pentest.
1. Click “Pentests” from the left-hand menu.
2. Click “+ New Pentest”.
3. Name the Pentest.
4. Set a Pentest Code.
5. Set Pentest Status (Default is “Onboarding”).
6. Choose a Pentest Template from your list of prepared templates.
7. Click “Save”.
If you'd like to further edit the pentest, click on it from the list of pentests for that client. Here, you can make changes to the default template. For example, the pentest template determines pentest lead, the team, and the scope. You can always edit this data by clicking "Actions" and choosing "Edit".
Click on the new Pentest from the list:
- The new Pentest will automatically import settings from the Pentest Template you select, linking in Compliance Norms. You can choose to manually add more using “Checklists”.
- Team – Team includes all roles assigned to the Pentest. Invite more to add colleagues to work on the Pentest, client teams to receive alerts, or stakeholders to monitor results.
- Scope – Scope includes client assets, methodology, and assignment data.
Assignment – Client data added during Pentest setup.
Assets – You can manually add these by clicking, “Select Assets” to choose existing “Assets” assigned to the Client. If the required Assets are not in place, click “Create & Manage Assets” and then click “+ New Asset”. Assets are unique per client and cannot be reused across clients. Pentesters and Clients can add and edit Assets.
Methodology – Specify methodology for the Pentest. Add start/end testing dates, import existing Checklists, add Compliance Norms, or write out custom methodology for the client.
- Checklist – Checklists automatically import Pentest Checklists chosen during Pentest setup. However, you can manually add individual Tasks to the Pentest. Click “+ New Task” to do so.
Assigning Tasks – Scroll to the desired task. Click “...” Under “Actions”, click “Edit” and scroll down. Add a Pentester in "Assigned To" field. This Task will be visible in their “My Tasks” on their Portal. The Pentester can assign a status to the Task as they complete the work.
- Findings – All Findings are visible here. Click “Import/Export” or “+New Finding” to add some.
- Insights – This includes dashboard data for the Pentest.
Summary – Complete Summary with Total Findings and Findings by Vulnerability Type.
Assets – Findings per asset.
Compliance – Each Compliance Norm that is added to the project will have its own section.
Time to fix – Time to fix maps findings by severity and total open days, giving clients an overview of when vulnerabilities become critical.
Risk Summary – Published vulnerabilities with defined likelihood and severity
Reoccurences – Finding reoccurences.
- Report – Generate, view, and download the Pentest Report. You can generate the Report at any time by clicking "Generate Draft Report".
You may customize this before publishing. The Client will not see the Report until you move it to “Published”. Click here to learn how.
- Files – All files attached to the Pentest.
-
Messages – Messages includes a total overview of project communication. This includes User Activity or Full Activity for:
- Pentest Activities
- Finding Activities
- Checklist Task Activities
The messages can be sent as "Internal Message" for Client to Client communication (Not Visible to Pentester) and Pentester to Pentester communication (Not Visible to Client) or "Public" for Pentester/Client communication (Visible to everyone).
To Add Findings
Findings can be imported/exported via CSV, XML, and other importers. You may also manually add findings.
Click here to learn how to manually add findings
Click here to learn how to automatically import findings
Comments
Pentesters and Clients can communicate on the Finding via the Comments. These comments are encrypted.
- Upload screenshots and files
- Share private communication to other Pentesters
Update Finding Status
The Pentester and the Client can update the Finding Status at any time. There are multiple ways to update Finding Status:
Click here to learn more about editing Findings
Team
You may assign teams and team members to the Pentest.
The Client may assign their own teams and team members to the Pentest.
These assigned team members will receive updates and notifications when findings are published, Pentest status changes, etc.
To Add a Team to the Pentest:
- From the Relevant Pentest click "Team".
- Click "+ Add Teams".
- Select an existing Team from the menu and click Save.
To Add a Team Member:
- Click “+ Add Users”.
- You can either select an existing user from the menu or use the search function to find a specific user, and then click Save.
If you want to add a user who is not yet in the system, click “+ Manage Pentester Users” instead.