
Manage your pentest campaigns

Orchestrate all your pentests through one unified interface

Updated over a week ago

Challenges of current pentesting activities

Penetration testing is an integral part of any organisation’s security posture but remains a frustrating experience for many security teams.

Handling multi-channel engagement and multiple reporting formats absorbs valuable time that could be spent following up and fixing vulnerabilities.

Key advantages of YesWeHack Pentest Management

The YesWeHack Pentest Management solution addresses these challenges holistically to simplify how your pentests are managed today.

  • Centralize pentest findings from all sources into a single and intuitive reporting interface

  • Rely on standard reports containing all the necessary information to process vulnerabilities

  • Provide a secure channel enabling your operational teams and the pentesters to communicate seamlessly for each vulnerability reported during the campaign

  • Integrate pentest report data into existing tools and internal workflows to streamline follow-up and enhance remediation

  • Generate a final and comprehensive report for each campaign, comprising detailed pentest findings or an Executive Summary to serve as a proof of audit

  • Meet compliance or certification requirements

ℹ️ To learn exactly how to create and configure a pentest program, see the dedicated article here, which details most of the steps below.


Key steps of a pentest campaign

Discover the key steps of a pentest campaign managed through the YesWeHack platform. Dive deeper into each step with our dedicated articles.

Step 1: Campaign set up

The first step is to create your Pentest program on the platform.

  • Create a campaign

  • Invite pentesters and your team (e.g. program manager) to your program.

  • Appoint a Pentest lead. This step is mandatory, as this person will be the one able to generate the final pentest report.

  • (Optional) Set up a credentials pool for pentesters to grant them access to restricted scopes.

ℹ️ Learn more about credentials pool in this article.

  • Start your pentest program!

Step 2: Process reported vulnerabilities

  • Assess the vulnerabilities and interact with your pentesters directly on the platform

  • Leverage the same platform for each and every one of your pentest providers

ℹ️ Learn more about report management here.

  • Go to the "Vulnerability Center"

  • Open any given report to access detailed bug information and means to communicate with the pentesters

Step 3: Manage your Pentest program

  • You can pause & resume the campaign as many times as necessary

ℹ️ Pausing can be helpful if you want to fix critical vulnerabilities before moving forward.

  • Keep a draft report updated throughout the pentest process

Step 4: End the campaign

  • Stop the campaign on the platform once it is completed

  • Ask the pentest lead to generate the final report.

ℹ️ The final report can only be exported once the campaign is finished. To learn how to generate the final report, click here.
