fbpx

For many pentesters, project management is put on the back burner. Pentesters and even pentest teams work using email, phone calls for onboarding, and Excel files to keep track of which pentests are being performed and when. In some cases, that lack of project management even extends to client management – where many pentesters don’t even record which tests have been performed or not as part of a test. Instead, you have to memorize everything, work from scattered notes, and use working memory to figure out what you have to do, for which client, and when. 

Pentest management is the concept of introducing project management designed around the needs of pentesters and pentest teams. Digital work management is already extremely common in every other industry, with tools like Jira, Asana, Trello, and others. At the same time, those tools rarely work for pentesters because they don’t offer support for the processes, tools, or workflows that pentesters actually use. 

That’s why Cyver Core is one of a growing number of pentest management platforms, offering work and client management specifically for pentest projects and teams. 

What is Pentest Management 

Pentest Management is a software solution built around managing pentests, ethical hacking, and pentest clients. While specific offerings vary per platform, pentest management at Cyver Core looks something like the following. 

When you agree to do a pentest, you onboard the client to your white label Cyver Core portal. The client then adds details such as the assets to be pentested, their relevant people, etc. 

You create a pentest project template using data from your scoping call and that the client added to the portal. This includes data like the responsible pentester, assets to be tested, security information where necessary, compliance standards or pentest frameworks to be used, and any task lists or specific methodology you’d like to use. 

Then, you create the project or send it as a proposal, wait for approval, and it automatically moves into your pentest schedule. Cyver Core generates task lists based on methodology and compliance norms you’ve chosen. This means you can assign individual tasks and tests to pentesters across your team. In addition, you can track status and completion rate to see if the pentest is on schedule, which member of your team should be doing which work, and when it’s due. 

Finally, you can update the status of the pentest as you move it forward in your workflow. Cyver Core supports tracking so you can see at a glance if the pentest has been started yet, if it’s ready for reporting, or if the client has requested retests after remediating vulnerabilities. 

Pentest Management with Cyver Core 

Project management tooling means you get oversight of what work is in progress and who’s responsible for it. 

  • Project Visibility – Cyver Core uses calendars and Kanban boards to show you what’s in your pipeline and when it’s due. That makes it easy to prioritize work without looking up deadlines and how to fit work together. 
  • Project Status Tracking – Cyver Core uses project status and workflows so you can easily keep track of which work has been done and what stage the pentest is in. For example, you can use pre-built or make your own checklists for pentest methodology and compliance norms. Then pentesters can check off work as it’s completed. That makes it easier to have multiple people work on a single pentest and easier to see what still has to be done to meet the requirements for the project. 
  • Pentester Availability – Cyver Core’s calender function means you can see what you or your team are busy with on which days. That makes it easier to plan new pentests or even to plan calls and meetings around those pentests. Having quick visibility of when you’re planning to work on those pentests can also prevent you from overbooking and being late on some projects.
  • Pentest Pipeline – Having oversight of all your projects in one place complete with proposals, timelines, and preferred schedule to repeat the pentest means you can see your revenue streams, how much work is coming in, and how much work you need to fill out your schedule or to reach goals. 

If you’d like to learn more about how Cyver Core’s pentest management features can help you simplify your work and reduce time you spend managing it, get in touch. We’d be happy to offer a product tour and demo so we can help you figure out how pentest management can help you.