With Pentest-as-a-Service, you are more likely to perform repeat pentests for the same clients over a longer period of time. As you do, repeat or recurring vulnerability findings are almost inevitable. When they occur, making those recurring findings visible to the client is important.
That’s why Cyver Core now enables you to flag new occurrences of existing findings, adding new data and notes to the same ticket. If the Finding has been closed, you can simply re-open it and add the new occurrence, whether in the same asset or not.
In addition, with the Merge Findings feature, you can upload Findings directly from tooling such as Burp or Nessus, merge findings found in multiple tools, and then merge a finding recurrence with the existing ticket.
Clients might want to know about recurring findings because:
- They implemented a fix, but an update restores the vulnerability
- A fix doesn’t work
- The same vulnerability appears in new parts of the application/infrastructure
- The vulnerability has not been remediated
- A fix is already underway but not yet implemented
In each of these cases, knowing that the finding is a recurrence allows the client to take better steps to improve their security than treating it as a new vulnerability finding would. The end result: your client is better able to secure their environment.
If you’d like to learn more, download our Product Feature Tour or schedule a demo.