Features
A Complete Pentest Management Platform
Scoping
No more Scope creep
Take control of pentest projects and management with asset management, clearly defined pentest goals, and methodology worked directly into the Statement of Work so projects stay on budget, on time, and in scope.
Asset Management
Upload assets and access management and link these as targets into pentest projects, so scope and target are fully defined before work starts.
Customer Portal
Onboard stakeholders to the client portal, so everyone can see work, methodology, assets, & timelines, with direct communication to pentesters.
Quotes & Credits
Generate quotes to request signature for pentests and scope changes. Plus, with credits, allow stakeholders to pay for pentests and changes right away.
Statement of Work
Deliver clear Statements of Work complete with full pentest scope and get sign-off on work to be completed before starting the pentest.
Checklists & Benchmarks
Structure your Testing Methodology
Gain real pentest oversight & insight with team and task management tooling. Cyver Core’s pentest management platform enables accountability and transparency across projects.
Benchmarks
Map findings to controls like CIS Benchmarks, SANS Top 25, or ISO27001 complete with pass/fail ratings to help clients stay secure.
Workflows
Build custom workflows based on how your team pentests, to deliver traceability, and predictability to your team and your clients.
Pentest Checklists
Deliver accountability and save time with customizable pentest checklists for OWASP Top 10, OWASP Testing Guide, ASVS & more.
Task Assignment
Assign & schedule work, request reviews, and collaborate on pentesting & pentest reporting no matter the size of your team(s).
Vulnerability Management
Your tools, Your work, in one place
Integrate your tools, content, and vulnerability libraries, automatically import from tooling, and deliver every finding as a ticket with remediation and long-term tracking.
Vulnerability Libraries
Import and build vulnerability libraries to automatically populate new findings with data, so you re-use writeups and expertise again and again.
Upload Files
Upload files directly from tools like Burp, Nessus, Qualys, & more, batch import, or automate with API and merge new imports with existing library content.
GenAI Copilot
Automatically generate vulnerability writeups and reccomendations based on industry best practices with our GenAI copilot, edit, and publish in a few clicks.
API & Custom Files
Automate imports, project creation, and vulnerability ticketing with our API. Or, talk to us about your custom tooling for integration and file import.
Streamline Pentest Reporting
Hassle-free report generation
Auto-populate reports with project data, import vulnerability libraries and canned content, and use GenAI to streamline summaries and writeups. We do the repetitive work so you can stick to pentesting.
Markdown Editor
Seamlessly customize pentest reports and templates with a markdown editor and CSS to quickly make changes, add custom styling, and get the look and feel you want.
Dynamic Tokens
Autopopulate reports with vulnerabilities, project data, and pre-canned content using tokens as placeholders in report templates to automatically pull data.
Content Libraries
Pull content and sections from your libraries to quickly build dynamic reports for even complex pentests & red teaming – customized to every test.
Report Templates
Build report templates, sections, and content, and complete with your own branding, and seamlessly generate pentest reports based on those templates.
Delivery & Retesting
Strengthen the bond with your clients
Deliver more than just the report with a full suite of client-facing tools designed for collaboration, remediation, and project management – for full visibility of vulnerability findings, trends, and fixes.
Retesting
Deliver vulnerability level and project level retesting so clients can track fixes, resolve vulnerabilities, and stay both secure and audit ready.
Collaborative Pentest Processes
Remediation
Deliver vulnerability management, complete with remediation and reoccurrence tracking so clients have insight into their vulnerability profile.
White-Label Portal
Brand Cyver Core’s URL, client portal, reports, and templates to deliver improved customer experience under your own brand with our white-label portal.
Planning & Collaboration
Stay in control of projects & teams
Gain real pentest oversight & insight with team and task management tooling. Cyver Core’s pentest management platform enables accountability and transparency across projects.
Real-time Notifications
In-app Communication
Planning & Availability
Automatically assign tasks to relevant roles and start pentests with full oversight of who’s responsible and why.
Role Management
Cut manual work on pentest reporting without sacrificing control & customization
Vulnerability Scanning
Automate Scans & Continuous Assessments
Streamline vulnerability scanning and assessments with a full suite of tools to automate and manage scans and their results including an integrated scanner in your Cyver Core Portal.
Integrated Scanner
Leverage integrated scanners like reNgine to offer PTaaS, DAST, and attack surface management, or bring your own tooling.
Continuous Projects
Continuous Reporting
Automatically generate reports from scan data, map vulnerabilities to your library, and add templates or custom report sections.
Vulnerability Management
Automatically add data to findings, merge results between scans, and count instances so scan data helps clients stay secure.
Hosting & Deployment
Compliant & Secured Hosting
Cyver Core offers a standard multi-tenant hosting in the Azure cloud as part of our base plan. Cyver Core also offers solutions for organizations with more specific or custom security and deployment needs. We’re also fully SOC2 compliant, so your and your customer’s data stays secure.
Deployment Region
Choose a deployment region in the EU, US, or UK to meet compliance or regulatory requirements.
Data Isolation
Get full database and storage isolation to protect your or customer data & meet regulatory requirements.
Full App Isolation
Fully isolate your Cyver Core app in deployment with a separate webapp, database, and storage.
Private Hosting
Maximize security with private hosting on a SOC2 compliant stack in an Azure region of your choice.
API & Integrations
Easy to Connect
Integrate your toolkit, extend Cyver Core functionality, and seamlessly pull data into one central platform with our API and integrations.
Link External Tooling
Link project management tooling and seamlessly integrate data across your tooling with either a custom connection or one of our integrations.
Vulnerability Connectors
Link your tooling to automatically import vulnerability findings, libraries, descriptions, & more so everything is right where you need it.
Full API Extensibility
Need custom push data? Our REST API allows you to connect to any tooling or sources you like, so everything shows up in your portal.
Events and WebHooks
Set up events and webhooks for project management, pentesting, scanners, & more, so your tooling automatically updates as you work.
Cut manual work on pentest reporting without sacrificing control & customization
Improved customer experience
A work management platform
for pentesters
Get fully-secure pentest management and collaboration in the cloud, complete with a responsive UI and integrated support portal. We’ve thought of everything so you don’t have to. It's not Asana or Jira, it's made for pentest professionals.
Multi-language
Deliver reports, dashboards, portal access, and content in a language that makes sense for you and your clients. Cyver Core offers full multi-language support, so your dashboards and content are delivered in ways that work for your business.
Cloud Access
API
Responsive UI
Support Portal
Security
Any questions?
We're here to help
What is a Pentest Management Platform?
Pentest Management Platforms like Cyver Core digitize pentest workflows, replacing manual communication and reports with digital workflows. It means real-time results, live communication with clients, and findings as tickets. Plus, we offer automated pentest reporting, complete with integrations for tools like Burp Suite, Nessus, NMap, & more. Our goal is to help pentesters save time (70-85% of time spent on every report), reduce overhead hours for pentest management, and deliver pentest-as-a-service to clients.
How is Cyver Core Secured?
Cyver Core is fully secured, regularly pentested, and regularly backed up. We maintain SOC2 compliant infrastructure, as verified by external auditors. All user data is stored redundantly and automatically backed up inside Microsoft Azure architecture, with fully redundant server architecture and network connectivity. We take security seriously, and you can see a full list of our security practices in our security policy.
Will My Clients See I Use Cyver Core?
No! Cyver Core is fully white label. When you onboard your clients to our platform, they see your branding and brand name. You can also fully customize reports, project templates, and other digital assets. Your clients, your brand, your digital privacy, powered by Cyver Core.
How Does Cyver Core Automate Workflows?
Cyver Core utilizes standardized workflows to automatically progress projects based on pre-defined parameters and settings. You set up project templates and Cyver Core automatically performs workflows inside those, to move the project from one stage to the next, to create Findings tickets from imported data, to notify stakeholders, and to schedule the next pentest. In addition, Cyver Core uses automation and Smart features to auto-fill tickets, to create projects, and to generate reports, so you have to do the minimum manual work possible. Visit our features page to learn more.