Pentest platforms allow your cybersecurity firm to deliver pentest-as-a-service complete with a cloud portal – where you can import findings, automate pentest reports, and manage clients and their vulnerabilities in one place. With platforms like Cyver Core, you can also offer free vulnerability and pentest management tooling to your clients as part of the service, allowing for a better customer experience with improved vulnerability management and faster remediation.
At the same time, onboarding and moving to a pentest platform means choosing a solution that meets your needs. That can involve weeks of testing to ensure everything you need is there. It also means deciding what you’re looking for in a platform to begin with. For example, you might be wondering if you want custom scripting in the platform to develop your own solutions and customizations. We’ll go over that use case in this article and discuss the pros and cons of each approach.
Scripting Customizations
Some pentest platforms offer scripting or custom code, allowing you to build your own integrations and solutions inside the platform. You write your own code directly in the platform to customize it. That means:
- Changing application logic to better align with your workflows
- Creating new application behavior
- Creating platform automations
- Setting up custom dashboards
This has several advantages for pentesters:
- You get more control over the platform, with full control over its functionality, features, and behavior. Depending on how extensible the scripting inside the platform is, you can heavily modify its behavior and logic.
- You can build in custom requirements like dashboards or data visualizations required by specific stakeholders – allowing you to use the platform even when working with very specific requirements.
- Your firm can scale features and options as much as you want by developing (and maintaining) them yourself.
Of course, there are also multiple drawbacks to this approach:
- The value of moving away from a custom platform is often to reduce or eliminate the need to build and maintain solutions. Having to learn and script your own solutions inside the platform negates this point.
- You invest development time in a platform you don’t own. Every feature has to be scripted, tested, debugged, and then launched.
- The learning curve and setup time increase, with potentially months between onboarding and having a platform that meets your use case.
- Added internal costs that are difficult to predict or track, as internal people have to learn, introduce, build, and maintain new features in the platform.
What About a Flexible User Interface?
The alternative to looking for a pentest platform with custom scripting capabilities is to look for a pentest platform with a flexible UI. Here, you get a platform that already has most or all of the features and workflow options you might want, and you customize those to your needs during setup. With Cyver Core, it’s intuitive to get started with:
- Fully customizing the report to your needs
- Building and setting up custom workflows and logic
- Setting up custom project templates
- Setting up custom dashboards and views
The idea is that you can get up and running, with full customizations to exactly the features and options you need in as little time as possible. Plus, with a customer success manager available whenever you have a question, onboarding is simple. In addition, with no custom code to build or maintain, costs will be the same predictable upfront costs you were quoted at the start. And, most importantly, it’s extremely easy to change those settings later.
For example, with Cyver Core, setting up a custom dashboard or view is as simple as selecting which items should appear in the dashboard. In addition, you can change these settings per role – so external people see different views than pentesters and different clients see different views.
Or, you can choose to have projects automatically update status based on where they are in the workflow – so that status changes when you upload findings, or the pentest automatically marks itself as complete after the testing date is over. No custom code needed, just settings.
“For me, the important thing is that we follow what the market needs, we stay in touch with our customers and build features to meet those needs – because if we have a situation where a client needs something and they have to build it themselves – we’re not meeting that customer’s needs,” says Luis Abreu, founder of Cyver Core. “Having a flexible UI that offers everything you need out of the box is so much more important than being able to build whatever you need into the platform.”
Considerations:
There are situations where custom scripting is the way to go. For the most part, you should consider:
- Onboarding Time – If you want to onboard quickly and with a minimal learning curve, look for a platform that already has the features you need.
- Dependencies – The more you customize a platform to meet your needs, the more you’re dependent on that platform and cannot move away from it.
- Hidden Costs – Avoiding custom coding will reduce hidden costs a great deal because you won’t have to factor maintenance and learning the scripting into costs.
- Complexity Needs – If your use case is extremely complex or has extremely specific requirements, you may be forced into custom scripting.
If you’d like to learn more about Cyver Core, schedule a demo to talk to us about its capabilities and features. Feel free to make a feature and integration list and bring it with you to the demo. We’ll talk to you about what we have, what we can build, and how we can solve your problems out of the box.