Cyver Core’s feature updates & developer log for our pentest management platform. Check back for new updates or subscribe to our newsletter.
Working with a pentest management platform means you use standardization to enable automation. That’s the same with any cloud platform, from simple Kanban boards like Trello to advanced enterprise resource management like SAP S/4HANA. Having uniform titles, data...
Qualys is a popular vulnerability assessment tool, used by pentesters to find and quantify devices, systems, and vulnerabilities. It also automatically checks for OWASP Top 10 and other well-defined risks, can track vulnerabilities over time, and integrates into IT...
For many pentesters, building a good pentest report is a crucial part of delivering work. While most ethical hacking lies in finding vulnerabilities and attempting to exploit them, clients never see that work. Instead, they rely on deliverables detailing the data you...
Most pentesters use a vulnerability library to save time when building a report. Here, you normally maintain a collection of descriptions for vulnerabilities you’ve written in the past. Then, when you have a similar vulnerability, you copy-paste that description and...
For many organizations, pentesting means relying on either an internal or external team to test assets, look for vulnerabilities, and exploit anything that is found. Working in teams allows ethical hackers to leverage diverse skill sets and insights, with room to...
With Pentest-as-a-Service it’s more likely that you perform repeat pentests for the same clients over a longer period of time. As you do, repeat or reoccurring vulnerability findings are almost inevitable. When you do, making those reoccurring vulnerability findings...
Pentest-as-a-Service is increasingly in demand by both pentesters and the organizations hiring them. At the same time, not all clients want or need a pentest-as-a-service portal. Moving onto a pentest management platform shouldn’t mean you have to onboard all your...
Pentesting has historically only had one deliverable, a file containing a list of vulnerabilities and how you find them. Traditionally, clients requesting a pentest will take this file, break it down into tasks, and send those to relevant teams. That process, which...
Automating pentest reporting saves considerable time on every pentest. In fact, our data suggests automation saves 79-85% of time on reporting. While Cyver Core uses multiple stages of automation, including...