Create your pentest campaign
ℹ️ You must be a Business Unit Owner or a Business Unit Manager to create a pentest campaign.
Go to the “Admin Panel”
Click on “+ Program”
Select “Pentest management”
Click on “Create program”
Fill out all the program fields:
Title
Tags (optional)
Supported languages: 5 languages maximum
Security: this option makes it mandatory for users to enable TOTP in order to access the pentest content. This option does not affect users using SSO authentication.
Partitioning: When this option is activated, the Pentesters engaged in a campaign of this program do not have access to the reports of other Pentesters.
Certification: Provide and validate items required by most certification bodies.
ℹ️ When you check the “Certification” box, a new section appears in the final report to explain “Items provided to pentesters”, to comply with requirements of penetration testing.
Choose a “Methodology”
ℹ️ A methodology is the set of rules that Pentesters have to follow during the pentest. The most famous one is the OWASP Top 10. The selected methodology will be included in the final report.
Disable or define the “Service Level Agreement (SLA) for remediation”
ℹ️ SLA refers to specific commitments related to the remediation of issues within a defined timeframe. This is useful both for Pentesters and Managers because it keeps each party informed of the remediation timeline.
Fill in “Pentesting requirements” to describe whether specific accesses or a VPN are required.
Fill in the “Pentest description” fields (scope type, scope title, asset value, out-of-scope, qualifying and non-qualifying vulnerabilities)
Describe the “Policy”
Upload files (optional)
Click on “Create”
Complete your pentest configuration
Designate a pentest lead
Click on “Designate a pentest lead” in the banner
⚠️ You must designate a Pentest lead to generate the final report.
Select a “Member”
Click on “Designate”
Report template
Click on “Set up report template”
Fill in the “Template” field
Click on “Save”
Invite Pentesters to your program
Click on “Pentesters” in the left-side menu
Fill in the “Username or email” field to invite Pentesters one by one, or invite Pentesters from a group
Click on “Send”
ℹ️ You need to invite Pentesters to your program before adding credentials.
ℹ️ To learn more about how to invite Pentesters and your team (e.g. program manager) to your program, click here.
Add credentials (optional)
ℹ️ To learn how to grant access to specific scopes by creating credential pools, click here.
Start your pentest program
From your program, click on “Start Pentest” when you are ready
Pause or stop your pentest program as many times as necessary
ℹ️ Learn how to manage your pentest reports here.
ℹ️ Don’t know how to generate a final report? Click here.