Validity of Vulnerability Assessment Report, Vetted Report & Pentest Report
Last updated: June 19, 2025
What This Article Covers
This article explains the validity periods for different types of security reports provided by Astra: the Vulnerability Assessment Report, the Vetted Report, and the Pentest Report. It also details the key factors that can invalidate these reports, emphasizing the importance of continuous security testing.
Who Should Read This
This article is for anyone using Astra's security services, including developers, security teams, compliance officers, and business stakeholders, who needs to understand the lifespan and influencing factors of their security assessment reports.
Why This Matters
Understanding the validity of your security reports is crucial for maintaining an up-to-date and effective security posture. Awareness of the factors that can invalidate a report helps ensure continuous vigilance against new threats and changes within your systems, preventing potential security gaps.
Understanding Report Validity
Every Pentest or Vulnerability Scan by Astra comes with a defined validity period. This concept of report validity is a globally accepted norm in cybersecurity, driven by the dynamic nature of threats and system changes.
Several key factors can influence and, in some cases, invalidate the effectiveness of a Pentest, Vetted Report, or Vulnerability Scan:
Changes in code: Whenever major changes are made to the codebase on which a Pentest or vulnerability scan was conducted, the report's validity is compromised. Newly added code has the potential to introduce new vulnerabilities into the system.
New vulnerabilities discovered: Thousands of new vulnerabilities are discovered globally every month. This necessitates continuous testing of applications to ensure they remain secure against these newly identified threats.
Changes in server or infrastructure: Similar to code changes, significant modifications to your infrastructure or hosting environment can also introduce new security vulnerabilities.
Validity of Vulnerability Assessment Report
The Vulnerability Assessment Report is generated directly from Astra's automated scanner and includes findings exclusively from our automated vulnerability scanning tools. Note that this report may contain some false positives.
Validity: 14 days
Validity of Vetted Report
Vetted Reports are Vulnerability Assessment Reports that have undergone a thorough review by our security engineers. This review process aims to eliminate any false positives, providing organizations, especially those with lean or no dedicated security teams, with an actionable security posture report that they can confidently work on.
Validity: 90 days
Validity of Pentest Report
The Pentest Report by Astra Security encompasses a complete penetration test conducted by our security engineers. This comprehensive assessment includes both automated scanning and a meticulous manual audit of your infrastructure to ensure every possible vulnerability is uncovered.
After collaborating with our customers on fixing the identified vulnerabilities, a re-scan is performed to confirm that the remediations are effectively in place. Upon successful verification, a publicly verifiable Pentest Certificate is also issued.
Validity: 180 days
The publicly verifiable Pentest Certificate is also valid for 180 days; this validity can be extended by following [these steps].
Need help? Raise a support ticket anytime from your Astra dashboard.