Organizations want and need recurring pentests. Cybersecurity needs are ongoing, compliance needs are ongoing. But, pentests are often a one-touch operation, where the organization contacts a pentest team when they need a pentest and not before. Many clients continue to go back to the same pentester but many others do not. That’s despite the fact that they often need the exact same penetration tests performed at intervals, for either security, compliance, or both.  

Pentest management tools like Cyver Core allow you to automatically deliver recurring pentesting as part of your existing service. Once you onboard clients to your platform, you can track when they need a pentest, what type of pentest they need, and automatically schedule in new pentests when wrapping up the old one. This works to keep your pipeline full with secure contracts and ensures clients stay secure and ready for their next audit.  

Automatically Meeting Compliance Needs 

Any organization needing a compliance pentest is going to need another in a year. Unfortunately, most organizations wait to schedule their pentest until the last minute. Scheduling new pentests in as part of a recurring cycle, means their compliance pentest is always in the pipeline.  

Cyver Core allows you to set a new date for an upcoming pentest when ending the old pentest, automatically scheduling the next one in. When the client needs to pass another audit, they’ll already be prepared, saving them time, improving efficiency, and ensuring they’re more prepared for the audit.  

Delivering Pentest-as-a-Service  

Pentest-as-a-Service changes how you deliver pentests. Rather than writing up a report and delivering a PDF in a single touchpoint, you deliver pentest results as tickets. Cyver Core makes this easy with the addition of digital vulnerabilities libraries, templates, compliance frameworks, and pentest report templates to make pentest report automation as easy as possible. Additionally, you can upload manual results and load data from a vulnerabilities library or import findings in bulk from a tool.  

You can also:  

  • Deliver multiple pentest reports, including traditional PDF  
  • Map findings to compliance frameworks  
  • Manage vulnerability status 

Most importantly, the uploaded vulnerabilities remain in the platform, allowing you to see risk profile, common issues, and time-to-fix. The client also gets this data, which you can offer as a free service. But, it means that you can quickly and easily copy data from one pentest to the next, using the same pentest template to quickly set up and deliver a new pentest, with minimal interaction required from the client.  

The end-goal is, of course, to ensure better security. And, that becomes easier as you perform repeat pentests across the same organization. You know what their risks are, you offer information they need to remediate, and you might even retest. So, you can easily scale up pentesting to meet their needs as they harden their environments, providing ongoing and improving security over time.  

Setting Up Recurring Pentests in Cyver Core

Setting up recurring pentests in Cyver Core is a simple process of using “Pentest Templates” with Cyver Core’s built-in scheduling and calendar tools.  

Setting up Pentest Templates in Cyver Core

Pentest Templates link Compliance Norms to Report Templates and categorize which types of Findings you’re looking for. Make sure your Compliance Norms and Report Templates are set up before moving into this step.  

  1. From Settings, click Project Templates:  
Screen_Shot_2020-06-12_at_11.46.09_PM.png

2. Click “+ New Pentest Template”   

Screen_Shot_2020-06-12_at_11.46.30_PM.png

3. Name your Pentest Template (Normally after the type of pentest, client, team, etc.)   

4. Set Findings options. This sets priorities for Pentesters Screen_Shot_2020-06-12_at_11.46.50_PM.png 

5. Choose Checklists. Type the name of a Checklist already in your database.   

6. Select Compliance Norms. Type the name of the Compliance Norm already in your database. There is no limit to the number of Compliance Norms you can add to a Pentest Template  

Screen_Shot_2020-06-12_at_11.47.03_PM.png

7. Select a Team. Type the name of a team already in your database . This Team will receive notifications, alerts, and Tasks for Pentests created with this Pentest Template. Screen_Shot_2020-06-12_at_11.46.54_PM.png 

8. Select a Report Template, either by typing the name or from the dropdown menu   

9.  Add Methodology Data 

10. Click “Save” 

Setting up Scheduling  

Pentest scheduling is built in as the last step in our standard Pentest workflow. During reporting, the client can automatically schedule their next pentest, right in the platform. The schedule uses the existing Pentest Template and associated teams – which means you may want to establish a process to verify teams and contacts are the same.  

If you want to learn more, visit our features page. Or contact us for a free demo. And, you can always sign up to Cyver Core for a no-obligaton, 30-day free trial of the full platform.