Cyver Core’s feature updates & developer log for our pentest management platform. Check back for new updates or subscribe to our newsletter.
More flexible reporting is one of the most in-demand features asked for by our users. That’s especially true for red team and old school pentesting, where the report has to update around the demands of testing that changes based on what you find. If your pentesting...
The pentest report is often the most important part of your pentest, it's the deliverable that the client pays for. For that reason, most pentest firms invest vast amounts of time into the pentest report, ensuring that every detail from layout to informative content...
For many of our clients, Cyver Core is the primary tool you have for managing clients, incoming work, and pentests. That often means having anywhere from a few to hundreds of clients in the platform, complete with their teams, their pentests, and all their assets....
Pentest-as-a-Service delivery means putting project starts in the hands of your clients. The request form in your Cyver Core portal allows your clients to send you a project request, typically based on existing project scope and assets in the portal. That feature...
The pentest report is an import deliverable for most pentesters. That’s true whether you’re doing traditional pentesting, red teaming, purple teaming, or vulnerability assessments. Many clients still want the PDF report – even alongside a portal and findings as...
Cyver Core is designed for pentesters and ethical hackers using their skills to help companies improve their cybersecurity profile. So, it makes sense that our users would want to deliver more than just traditional pentesting reports. In fact, vulnerability...
Cyver Core’s pentest management portal allows you to onboard teams and people or pentest firms and their clients. Originally, that team and user access management was restricted to the pentest management portal, putting the pentester in full control of their client...
Building the pentest report is one of the most time-consuming parts of pentesting. But, for clients testing for compliance or for those who still want a traditional pentest report, you still need the report. That’s why Cyver Core integrates pentest report generation...
Cyver Core’s approach to pentest reporting and delivery shifts the focus away from using a pentest report and towards delivering vulnerabilities as tickets. At the same time, many of our users still deliver a full PDF report to clients for compliance reasons and for...
Working with a pentest management platform means you use standardization to enable automation. That’s the same with any cloud platform, from simple Kanban boards like Trello to advanced enterprise resource management like SAP S/4HANA. Having uniform titles, data...
Qualys is a popular vulnerability assessment tool, used by pentesters to find and quantify devices, systems, and vulnerabilities. It also automatically checks for OWASP Top 10 and other well-defined risks, can track vulnerabilities over time, and integrates into IT...
For many pentesters, building a good pentest report is a crucial part of delivering work. While most ethical hacking lies in finding vulnerabilities and attempting to exploit them, clients never see that work. Instead, they rely on deliverables detailing the data you...
Most pentesters use a vulnerability library to save time when building a report. Here, you normally maintain a collection of descriptions for vulnerabilities you’ve written in the past. Then, when you have a similar vulnerability, you copy-paste that description and...
For many organizations, pentesting means relying on either an internal or external team to test assets, look for vulnerabilities, and exploit anything that is found. Working in teams allows ethical hackers to leverage diverse skill sets and insights, with room to...
With Pentest-as-a-Service it’s more likely that you perform repeat pentests for the same clients over a longer period of time. As you do, repeat or reoccurring vulnerability findings are almost inevitable. When you do, making those reoccurring vulnerability findings...
Pentest-as-a-Service is increasingly in demand by both pentesters and the organizations hiring them. At the same time, not all clients want or need a pentest-as-a-service portal. Moving onto a pentest management platform shouldn’t mean you have to onboard all your...
Pentesting has historically only had one deliverable, a file containing a list of vulnerabilities and how you find them. Traditionally, clients requesting a pentest will take this file, break it down into tasks, and send those to relevant teams. That process, which...
Automating pentest reporting saves considerable time on every pentest. In fact, our data suggests automation saves 79-85% of time on reporting. While Cyver Core uses multiple stages of automation, including...
CVSS Scores are an important part of a quality pentest report – that's why we now offer an integrated calculator in our Findings manager. Simply click the calculator during Findings upload to assess vulnerability score, using CVSS v3.1 standards. ...
Tracking work is a key element of any project management tool, but Cyver Core makes it just a bit easier with tooling dedicated to pentesting. With our new feature, Timeline, you get top-down project views across clients, teams,...