How to extend the validity of Astra's Pentest Certificate?
After a successful Pentest, a publicly verifiable Pentest certificate is issued which looks like this. The validity of the certificate is 180 days. There are two ways validity of the certificate can be extended for another 180 days:
Getting a Vetted scan: If you have been issued a Pentest certificate by Astra in the last 180 days, then you can request a vetted scan from your dashboard. This will ensure that any new features you might have built in the last 180 days are also scanned for vulnerabilities, post which our security engineers will vet the scan results and extend the certificate validity by another 180 days. You will have to request engineers to review certificate validity post they're done with vetted scan.
If there is any critical, high or medium (if it has an exploitation potential) severity vulnerability found post the vetted scan, you will have to fix those vulnerabilities before a pentest certificate extension is issued.
Getting another Pentest: If the Pentest certificate issued to you was more than 180 days old, you need to get another Pentest done so that our engineers are able to review the security of the application before issuing another certificate. You can get another Pentest by clicking the 'Add New Target' button as shown below.
We are happy to offer a 20 day grace period in addition to the 180 day limit within which you can extend the Pentest certificate.
If there are major releases, a number of new features or a complete new version of your application since the last pentest, in those cases you will need to go with option 2 of getting another Pentest. This is to ensure that certificate is only issued after a thorough testing of the application/asset.
Getting a Vetted scan: If you have been issued a Pentest certificate by Astra in the last 180 days, then you can request a vetted scan from your dashboard. This will ensure that any new features you might have built in the last 180 days are also scanned for vulnerabilities, post which our security engineers will vet the scan results and extend the certificate validity by another 180 days. You will have to request engineers to review certificate validity post they're done with vetted scan.
If there is any critical, high or medium (if it has an exploitation potential) severity vulnerability found post the vetted scan, you will have to fix those vulnerabilities before a pentest certificate extension is issued.
Getting another Pentest: If the Pentest certificate issued to you was more than 180 days old, you need to get another Pentest done so that our engineers are able to review the security of the application before issuing another certificate. You can get another Pentest by clicking the 'Add New Target' button as shown below.
We are happy to offer a 20 day grace period in addition to the 180 day limit within which you can extend the Pentest certificate.
If there are major releases, a number of new features or a complete new version of your application since the last pentest, in those cases you will need to go with option 2 of getting another Pentest. This is to ensure that certificate is only issued after a thorough testing of the application/asset.
Updated on: 10/08/2022
Thank you!