The Pentest Details provides a comprehensive view of a specific manual pentest, covering its progress, vulnerabilities, details, and key metrics.

Once you start a pentest on your target, understanding the details of the pentest becomes crucial. These details provide insights into vulnerabilities discovered, testing and actionable findings that help strengthen your organization's security posture. This article aims to break down each section of the page to ensure you can utilize the information on the Pentest Details Page to manage your pentest assessments effectively.

What are available actions on pentest detail?

There are 3 main actions available on the pentest details page:

1. Request Re-Scan: You can request a re-scan for a pentest by clicking on the “Request a Re-Scan” button. This will open the re-scan flow.

|| Note: A couple of things to ensure before requesting a rescan

• At least 50% of the vulnerabilities are fixed: This ensures that you make the most of the number of rescans available to you & security engineers are able to re-check maximum vulnerabilities in one go.

• Vulnerabilities are marked as fixed: Under each vulnerability there is an option to Mark Ready for Review', please ensure you've clicked on this for each vulnerability that you've fixed.

2. Reports: You can generate a report summary for a pentest by clicking on the “Reports” button. This will navigate you to the reports page

3. Get Certificate: After a successful Pentest, you can generate a certificate for it by clicking on the Get Certificate button. The validity of the certificate is 180 days.

You will also find 3 key metrics on this section:

• Vulnerabilities Unsolved: The number of unsolved vulnerabilities.

• High Severity Vulnerabilities: The number of high-severity vulnerabilities for this pentest.

• Potential Loss Saved: The estimated financial loss prevented by addressing the vulnerabilities.

Tracking the Progress of the Pentest

To track the progress of a pentest, on the right side, you'll find the Progress widget. This shows the current stage of the pentest with an estimated time of arrival (ETA).

The progress bar provides a visual indication of the pentest status, covering stages such as:

• Starting Scan: Initial setup and preparation for the security assessment.

• Vulnerability Scan: This is a comprehensive phase that involves systematically checking the target system for potential security weaknesses. It includes several sub-steps:

       **a. Network Scanning**: Identifies active hosts, open ports, and services on the network.
       **b. CVEs Scanning**: Checks for known Common Vulnerabilities and Exposures (CVEs).
       **c. Test Cases**: Executes predefined security scenarios to assess system responses.
       **d. Vulnerability Scanning**: Uses automated tools to detect potential security weaknesses.
       **e. Connectivity Check**: Verifies the ability to connect with and access the target system.
  

• Penetration Testing: This is where Astra's security experts actively attempt to exploit vulnerabilities found in the earlier stages. They perform simulated attacks to test the system's defenses and identify potential security weaknesses that automated scans might miss.

• Vulnerabilities Verified: In this step, the team confirms and validates the security issues discovered during scanning and penetration testing. This ensures that reported vulnerabilities are genuine and not false positives.

• Vulnerabilities Reported: This stage involves compiling all the security issues discovered during the scanning and testing phases. The team creates a comprehensive report detailing each vulnerability, its severity, potential impacts, and recommendations for remediation. This report translates technical findings into actionable information, enabling the customer to understand and address the identified security weaknesses effectively.

• Re-Scan: After vulnerabilities have been reported and presumably addressed, a follow-up scan is conducted. This verifies that the fixes have been properly implemented and checks for any new issues that may have arisen.

• Certificate Awarded: This is the final step, likely involving the issuance of a security certification or attestation. It indicates that the system has undergone thorough testing and met certain security standards.

How to improve your security posture with grades?

• We offer a comprehensive approach to assessing and mitigating security vulnerabilities in your applications. As part of this process, we assign a risk score to each reported vulnerability to help prioritize remediation efforts.

• Additionally, we provide a security grade (A through F) to indicate the security level of your target. **You can use this grade widget to address vulnerabilities **and improve your grades for a pentest which eventually will result in better security posture. Improving your grades involves addressing high-severity vulnerabilities promptly. More about grades and their calculation here

Understanding the vulnerability severity heat map

• The Vulnerability Severity graph provides a comprehensive overview of the status and severity of vulnerabilities detected during your pentest.

• This heatmap-style chart helps you quickly assess the criticality and resolution status of each vulnerability, enabling you to prioritize remediation efforts effectively. On this chart, each column represents a different status category for vulnerabilities. While each row represents a different severity level of vulnerabilities. Read more about detailed explanation of each here.

|| Each cell in the heatmap represents the count of vulnerabilities for a specific combination of status and severity, you can view this information by hovering over a cell of the heatmap

Where to view the reported vulnerabilities during the pentest?

• The vulnerabilities section will help you see the reported vulnerabilities for a pentest. Not just that you can now see vulnerabilities based on their current status. Clicking on any row will open up our newly built Vulnerability details sheet, which you can use to see more detailed information about a particular vulnerability.

To understand more about the detailed breakdown of the vulnerabilities statuses and table row, read here. You can also combine power of filters and tables to quickly filter our vulnerabilities that you’re looking for.