Pentest Checklists can be created manually and linked to Control Groups. For this reason, it’s ideal to create Control Groups before moving on to Pentest Checklists.
Pentest Checklists are visible from the left-hand menu by clicking “Settings”, “Checklist Templates”. These include sets of Tasks, which are automatically linked to Pentests through Control Groups. From there, Pentesters assigned to the Pentest automatically receive Task assignments.
Checklist Templates are organized:
- Checklist (e.g., OWASP ASVS 4.0 L3)
- Task Group (e.g., Security Verification Requirements)
- Task (e.g., Verify cryptographic keys and certificates are unique to each device)
To build a new Checklist Template:
Click “+ New Checklist” to create a new Checklist. This includes:
- Code
- Name
- Description
- Status
- Source Link/external reference
Click “...” on the far right of any existing Checklist to edit or delete
To Add Tasks Groups:
1. Click the newly created Checklist
2. Click “Task Groups”
3. Click “+ New Task Group”
4. Add Data
To Add Tasks:
1. Click the newly created Task Group
2. Click “+ New Task”
3. Add Data
New Checklists are automatically created in “Draft” status. This allows you to take time to build them before making them visible.