Cyver Core is a work management tool for pentesters, designed to digitize and automate processes around work management, client management, and pentest delivery. While most people looking into “pentest tools” are looking for exploit and cracking tools to speed up the actual process of pentesting, work management adds value and saves time in everything you do around pentesting.
Pentest checklists or task lists are one feature Cyver Core uses to help with that – creating visible to-do lists per pentest so that you can more easily track what work is being completed, keep a log of when work is done, and assign work out across teams.
How Do Checklists Work?
Cyver Core’s pentest checklist tool integrates into the pentest template in the platform. When you create a new pentest template for a client, you choose a pentesting norm such as the OWASP Top 10, Network Security VAPT, OWASP ASVS 4.0 IoT, and many others. This checklist then loads as part of your pentest setup in the platform, complete with task groups and tasks divided into them.
These include checks and tasks following the guidelines of that pentesting or compliance standard. For example, our OWASP Top 10 checklist includes separate task lists for checking for injection vulnerabilities, broken authentication, sensitive data exposure, etc.
Each of those task groups then has a full task list per, which you can use to guide pentesting.
- Major Pentesting Norms – Cyver Core maintains checklists for major pentesting and compliance norms like the OWASP Top 10 and Network Security VAPT. In addition, if we don’t have a checklist, we can move it into the backlog.
- Fully Customizable – Edit and modify our pre-built checklists or build your own from scratch – Cyver Core makes it easy to integrate your own personal workflows and checks into a defined process to help you keep track of work and pentest stages.
How Can You Use Checklists?
Cyver Core’s checklists make it easier to transparently show clients what you’re working on, when, and why. It also allows you to:
- More Easily Delegate Work – Cyver Core allows you to assign specific tasks to individual pentesters on your team, with visible responsibility. In addition, you can assign work based on which parts of the pentest your teams are better at or have time for, making it easier to distribute work across teams based on skills and availability.
- Track Pentest Status – If pentesters use the checklists and check off tasks, you can very quickly and easily get an update on the status of the pentest. Glancing at a checklist to see how far along it is makes it easier to see status updates and what people still have to do.
- Share with Clients – Knowing what’s been checked for every pentest makes it easier to discuss those points with clients when they ask. In addition, when they ask for a progress update, you can visit the checklist to see what’s been done so far and use that to share with the client.
Checklists eventually add a layer of quality control and transparency to your pentest process, allowing you to ensure you check, at minimum, the same list of things every time. Building those repeatable processes also means you’ll be able to more quickly repeat similar pentests, because you’ll have those processes mapped and in a state where you can easily repeat them.
If you’d like to learn more about pentest checklists or other pentest tools offered by Cyver Core, schedule a demo here to see it in action.