A Look at Cyver Core Features
Cyver Core is a pentest management platform offering pentest-as-a-service, pentest report generation, and pentest automation, designed to help pentesters, pentest teams, and security teams save time on overhead, pentest management, and manual work associated with pentests. The platform is a cloud tool, offering a pentester portal and a client portal – so you can deliver vulnerabilities and findings to clients in the cloud – complete with automatically generated metrics and insights. That combination allows you to save time on managing clients, pentests, and building reports, while offering more value to the client.
This article is a deep dive into our feature set and offerings – if you’d like to see it instead, book a demo to see it in action instead.
Our pentest automation tooling is our attempt to automate pentest reporting. Here, it’s not enough to simply automatically generate pentests from a static document – you have to be able to categorize and map those findings, manage them individually, and import them from your vulnerability library. That’s why our process starts with importing findings from vulnerability scanners. You can upload files from Burp, Nessus, OpenVAS, and others – to directly import findings. Then, you can map those findings to your vulnerability library, edit each manually, and automatically link them to assets tested.
From there, you can automatically map pentests to compliance norms like OWASP Top 10, SANS Top 25, or ISO27001. You can also track the progress of your pentest using integrated checklists, marking what’s been checked and by whom.
Then, when all of the vulnerabilities are in place, you can generate a report from those findings, edit it, and share it to the client. Clients can then access the findings as tickets as well as the PDF report – saving them time over having to break the report down themselves.
Cyver Core also offers pentest team management, making it easier to scale teams and hire on more people. That includes In-app communication and notifications, assignable tasks, pentest checklists, and status updates. The idea is that you always know who’s responsible for a task, if it’s been completed, and what’s happening next, for full transparency across projects, pentesters, and clients.
Projects & Findings Management
Cyver Core’s project management tooling is built around pentesting and the needs of pentests. This includes asset management, project templates to set the scope, checklists, and compliance norms for a pentest, findings management with libraries, labels, and attributes (like CWE and CVE), and project stages mapped to pentesting. This makes it easy to start, track, and progress pentetests with a minimum of manual overhead. Instead, you automatically track progress, document findings, and see checks across projects for full transparency for team leads, for colleagues, and for clients.
Project management includes pentest-oriented calendars and pipeline management, forecasting, and Kanban boards.
Cyver Core’s white label client portal allows you to onboard clients to your own vulnerability management platform. Here, you can deliver findings as tickets, pentest insights with risk maps, prioritization, and time-to-fix, allow clients to request pentests and retests on findings, and allow clients to track the status of vulnerability findings. Metrics are automatically generated from pentest data, meaning you deliver extra value without adding on work.
Plus, with integrated chat, clients can collaborate with pentesters to remediate vulnerabilities, request a retest to ensure a fix, and then update the finding to mark it as fixed. Cyver Core’s pentest pipelines and recurring pentests also make it easy for clients to plan future pentests, improving their asset security while generating longer-term revenue for your team.