Our Report Methodology
Cyver’s Pentest Report
Cyver invests in high quality reporting to ensure you get the information you need from every pentest. That, plus our digital delivery via the pentest platform, means you’ll have clear oversight of vulnerabilities, risks, and compliance needs.
We work with diverse pentest and cybersecurity partners. Therefore, your final report will depend on your partner. However, we strive to deliver our pentest reports within the following guidelines.
We offer clear oversight of the pentest and vulnerability findings in non-technical language. This section of the report is ideal for management and non-technical stakeholders who need an overview of information.
The management summary offers a brief overview of the full pentest, to keep management and stakeholders in-the-know.
See which assets are impacted, relevant criticality, and how vulnerability findings impact risk as a whole.
Finance and Budgeting
Share management summaries with stakeholders responsible for budgeting for future pentests and for remediation.
A full list of findings including risk mapping, for technical readers.
Get a full overview of found vulnerabilities, mapped by criticality, and to assets, for a full risk report card for your organization.
We use CVSS scoring to ensure you always have a way to assess criticality and to prioritize fixes – so devs know where to start.
This section includes a full list of findings without added technical details, for easier reference and management.
Cyver delivers a full list of scope, pentest details, checklists used, etc. as part of the pentest report.
This includes assets checked, the attention payed to each asset, and full details about what was checked and why.
We ensure you know who is pentesting your application and that you can contact them after the fact for help with remediation.
Cyver delivers a full checklist of tasks performed during the pentest, so you can see what was checked and why for better oversight.
Get insight into tooling, source, and approach for the pentest – for transparency, and to enable finding replication.
Meet compliance needs with compliance requirements built into the report. If you’re testing for audit purposes, we add a relevant section to your report to help you pass the audit.
See relevant compliance frameworks used during the pentest so you can easily decide what to show the auditor.
Cyver maps vulnerabilities to your compliance framework, so the report automatically shows how findings fit into compliance.
Show compliance with a full checklist of tasks and assessments performed during the pentest for better transparency during the audit.
Get a full list of vulnerability findings, complete with tickets, replication data, remediation advice, and general information.
Cyver shares all of the information we have on a vulnerability finding including CVSS scores, general information, and CVE listing.
If we have suggestions to remediate a vulnerability, we provide it as part of the report, linked to the relevant finding.
We share methodology and tools used to find the vulnerability, so your devs can more easily find, recreate, and resolve it.
Proof of Findings
We use screenshots, source, and attack paths to show proof of findigns whenever possible to simplify your path to remediation.
When you onboard with Cyver, you get more than a PDF report. We’re proud of our reports. But, we also deliver interactive data, including live findings ast tickets, via our pentest-as-a-service platform.
We upload findings as tickets, linked to assets, rated for criticality – so you can export to Jira, and immediately work on remediation.
Onboard your team, set responsibilities, and we’ll automatically alert stakeholders when their asets have a vulnerability.
See open vulnerabilities at a glance, with metrics showing vulnerabilities by criticality, by asset, and by how long each ohave been open.
Request a Free Sample Report
Request a free sample report to see how Cyver delivers pentest reports. We can also onboard you to our platform, where you can see and interact with sample findings as tickets, compliance data, and the full pentest report.
Need a pentest? Contact us for a consultation
Cyver’s team of pentesters are experts in cyber security, ranging from simple websites to complex infrastructure or applets. Contact us to learn more about how we can help secure your application.
We are here to help
What is a Pentest-as-a-Service
Pentest-as-a-Service combines our human expertise and insight with the convenience of cloud apps and findings-as-tickets. We organize pentests in our cloud platform, Cyver Core, and deliver pentest reports with tickets, so developers and compliance officers can remediate right away. Plus, we offer free insight tooling, so you can see remediation times, risk profiles, and even areas of risk.
When Can You Start?
In most cases, we can start your pentest within 2 weeks. In some cases, we can finalize and deliver your pentest during that time. However, pentest duration depends on the scope of the pentest, your assets, and environments.
Cyver leverages a network of pentesters, allowing us to quicly scale to meet demand. When you need expert pentesters, we can help, and quickly. If you want a quote based on your specific needs and assets, book a demo now for a one-on-one conversation.
How Much Do You Charge for a Pentest?
Cyver uses a credit system to charge a flat rate for our pentests. That means costs are always transparent and you always know what you're paying for. Currently, we charge €329 per pentest credit. Pentests range from 2 credits for a simple 1-website test to well over 40 credits for a large and complex system. Visit our pricing page for more information.
What Does the Platform Look Like?
Visit our How it Works page to see Cyver in action. Or, schedule a demo to see it live. Our platform, Cyver Core, allows you to onboard your full team, assign responsibilities, and see findings results in real time. When we deliver the report, you can export it to a PDF or process it as tickets, linked to tooling like Jira, for faster remediation.