Cyver’s pentest portal allows you to request pentests from us at the click of a button. A new pentest creates a new project from your project template, with your assets, scope, and project team added into the project. That’s ideal for many types of pentests, especially when you want yearly pentests for DigiD or other compliance, a one-off test, or other similar non-repeatable tests.
However, many of our clients test using a more ongoing case scenario. For example, you want to routinely scan your apps, you want to test at every release, or you want a monthly or quarterly pentest of your environment. Our pentest dashboard now allows you to set up this kind of pentest, with all of your results in one project – so you can seamlessly see results from every pentest run, compare results, and see new findings, resolved findings, and even failed fixes.
What is a Continuous Project?
A continuous pentest project functions just like the existing pentest projects in your Cyver Dashboard. However, instead of restarting the project each time you want to run a new pentest, you have a new run of the test inside the same project. This means that you have one open project, no need to set up projects and notifications again, and instead get everything in one place. That’s ideal for scans, regular cybersecurity assessments, and even full pentests if you want them to occur on a quarterly basis.
One Project for Every Pentest Run
What’s the benefit of having one project for every pentest run? The largest is that your data is aggregated into a single place. Most importantly new findings are uploaded to the portal and merged with existing ones. If we find 27 vulnerability findings on our first run, you get 27 findings added to the project. The team can then work to remediate those. Let’s say you mark 6 of them as remediated, meaning you have 21 original findings. The new test, however, shows that 2 of the remediated vulnerabilities are still there. In addition, it finds three new findings. So, your total number of findings would go to 26.
- Findings are aggregated, one vulnerability is one ticket
- You can always see which runs the finding showed up on in the portal
- Teams can more easily track when vulnerabilities are remediated
- The project functions as an open vulnerability log for vulnerability management for the application or module
Essentially, you get quick insight into how many vulnerabilities are open on your asset. You also get better insight into what’s new from each run of the test, because you don’t have to compare between reports, everything is simply aggregated into a single report.
Making the Most of Continuous Projects
If you’re setting up a scan or an ongoing pentest project with Cyver, continuous projects are a great option. However, you’ll want to ensure your team is making the most of the project. That means:
- Onboarding the team onto the project so they can see and manage vulnerabilities.
- Asking the team to mark vulnerabilities as remediated when they are remediated
- Aligning scheduling with team sprints, so new vulnerabilities can be immediately added to the new sprint
Continuous projects make it easy to track vulnerabilities and how they change over time. That makes them ideal for teams actively trying to remediate findings. However, you can also use them for compliance and regulatory purposes, with monthly reports and dashboards you can share with your auditor.
If you’d like to learn more about continuous projects and how you can use them for your team, contact us for a demo, or ask us to set one up for your next scan.