
Pentest List

The Pentest List Page offers a detailed overview of all your ongoing, reported, re-scanned, and completed manual pentests. This centralized view allows you to track and manage the security assessments across your targets effectively. This article aims to break down each section of the page to ensure you can efficiently manage and monitor your manual pentests across your targets.



Pentesting, short for penetration testing, is a crucial practice in cybersecurity aimed at identifying vulnerabilities in software applications, networks, or systems. By simulating real-world attack scenarios, pentesters assess the security posture of an organization, helping to proactively detect and mitigate potential risks.

To understand whether your organization needs a pentest, you can check out our detailed guide here. With this knowledge, you can effectively use our Pentest List Page to streamline the management and monitoring of your pentests across various targets.

How to start a Pentest?



To start a pentest, click the 'Start a Scan' button to initiate a new scan from available scan types. You can also review vulnerabilities across your targets by selecting 'View Vulnerabilities,' which will direct you to the Vulnerabilities page.




What information is shown on the Pentest list?




Key Metrics & Summary






The stats bar shows how many pentests have been conducted in the past 30 days, past year, and overall. These numbers include all pentests across different categories, giving you a comprehensive view of your security efforts.

Sectioned Tables to Understand Different Stages of a Pentest



After starting a pentest on your targets, it progresses through various stages. To help you manage these stages effectively, we've organized them into categorized tables.

Here's a breakdown of each stage:

In Progress:



This is the first stage of the pentest. When you initiate a pentest, it enters an "In Progress" state, during which we conduct thorough vulnerability scanning, penetration testing, and vulnerability verification on your target.

To calculate the ETA for your pentest, we not only consider the steps mentioned above but also include two rounds of internal assessment by our security analysts before reporting bugs to you.


Note: The ETA runs until the pentesters submit the vulnerabilities to you, i.e. until the pentest is moved to Vulnerabilities Reported.




On the left side of the sectioned table, we have a "Go-to Section." You can use this section to quickly navigate to any sectioned table without having to scroll. Once the vulnerabilities are reported to you, your pentest will move to the next stage.

Vulnerabilities Reported:



After the "In Progress" state, your pentest moves to this stage. This stage comprises two steps. The first step involves our analysts reporting the vulnerabilities to you. The second step occurs after you fix the reported vulnerabilities and request a re-scan.

Now that our analysts have reported vulnerabilities on your target, it’s time for you to fix them. As you fix the vulnerabilities, make sure to mark each of them as “Mark for Review”. Once you've fixed the reported vulnerabilities during a pentest, you can request a re-scan.

Note: A couple of things to ensure before requesting a re-scan:

At least 50% of the vulnerabilities are fixed: This ensures that you make the most of the number of re-scans available to you and that security engineers are able to re-check the maximum number of vulnerabilities in one go.

Vulnerabilities are marked as fixed: Under each vulnerability there is an option to 'Ask for review'. Please ensure you've clicked on this for each vulnerability that you've fixed.

You can easily request a re-scan by clicking on the "Re-scan" button on the row or from the Manual Pentest Details page. You can also use the “Load more” button at the bottom of this table to view more pentests.


Re-scan In Progress:



Once you initiate a re-scan request, your pentest will move to the "Re-scan in Progress" stage. During the re-scan, our security engineers will verify the fixes your engineers have put in place for the reported vulnerabilities. Once the re-scan is completed, if any vulnerabilities are still found, you can fix them and request a second re-scan. We offer up to two re-scans per pentest. If there are no fixes found during the re-scan, your pentest will move to the next stage.


Completed:



This is the final stage of the pentest lifecycle. After the re-scan, your pentest will move to the "Completed" section with the progress set to 100% and marked as completed.

Once your scan is in the completed state, you can generate a report and a verified certificate of your pentest.




If you want to delete a pentest, use the kebab menu (3 dot button) available on each row to see the delete option. You can also use other options such as the search bar, sort by, and filters to find specific pentests within the Pentest list page.




Search Bar: The search bar allows you to find specific pentests by scan name.

Sort By: You can sort the pentests from newest to oldest or from oldest to newest.

Filters: You can filter the manual pentest list by the progress of the manual pentest, with values such as In Progress, Vulnerabilities Reported, etc., and by ETA, with values such as pending, on track, etc.


Breakdown of pentest table row






Each row in the table contains important information about a pentest. Let’s go through each attribute one by one:

Scan information: The first column of the pentest row has information regarding the scan name, scan ID, and start date & time.

Target Name: The second column shows the target name and the target type. In the above snapshot, it’s a web app target type with the name Source Scan Code.

Progress and State: This column represents the progress of the scan. Below the percentage is the step the pentest is currently in.

Vulnerabilities Count: This column is the aggregate of the vulnerabilities found during the pentest. Below it, you can find the vulnerabilities break-up by severity.

You can click the title of each pentest to open the Pentest details page.


Frequently Asked Questions (FAQs)



1. Why can’t I see any pentests?



You can only see pentests once you verify that the target has been set up and is active. Then click “Start a Scan” and initiate a new pentest. Once the pentest scan is initiated, it will appear on the pentests list page.

Updated on: 24/09/2024
