Skip to main content

Continuous pentesting: Overview of the main features

Discover the main continuous pentesting features to help the remediation and the alignement with regulatory requirements.

Updated this week

YesWeHack’s Continuous Pentesting service provides ongoing, agile security testing to help you quickly identify and remediate vulnerabilities, reduce your attack surface, and streamline manual security processes.

Define the assets and requirements you want to test, and YesWeHack will match the right pentesters and set up customized pentest campaigns. You will be notified of each new finding and can access actionable reports (including remediation guidance) directly through the platform. Manage the remediation process using the available dashboards, and easily share audit reports with your key stakeholders.

Discover the key features of the YesWeHack Continuous Pentesting solution.

Program information

From the Admin panel, you can access all your “continuous pentesting” programs and their details, invite team members to your programs, and add credentials to facilitate security testing across your different scopes.

You can also generate an audit report to share key program information internally or externally.

⚠️ Continuous Pentesting is a fully managed solution. Please contact your dedicated CSM to update an existing program or launch a pentest campaign.

View all program details

  • Go to the “Admin Panel”

  • Click on “Programs” in the left-side menu

ℹ️ The screen example displays only one program, but you can have several programs depending on your organisation.

  • Select a program to view all details (e.g., product description, scopes, members, audit reports)

Invite team members

  • Go to the “Admin panel”

  • Select a “Program”

  • Click on “Members” on the left-side menu

  • Select a “Role” and fill in “Username or email”

  • Click on “Send” to invite the new member

It is possible to see all your invitations (pending, accepted and revoked) on the page below, which also contains a search bar and a dedicated role filter.

ℹ️ To learn more about roles & permissions, click here.

Add credentials for pentester

ℹ️ For this topic, please contact your dedicated CSM, who will guide you in creating a credentials pool.

Generate an audit report

An audit report is a summary of a pentest program that can be easily shared internally with key stakeholders (e.g., for board reporting) or externally with regulators.

ℹ️ Learn more about audit reports and all the steps to generate one here.

  • Select a “program” in your admin panel

  • Click on “Audit reports” in the left-side menu

  • Click on “Generate an audit report”

Attack surface

Get an overview of all your assets and how they are covered by the YesWeHack continuous pentesting solution in the Attack Surface tab.

Continuous pentesting vulnerability reports come from scheduled pentest campaigns and detected issues (identified through continuous security testing and confirmed by YesWeHack pentesters). Follow the steps below to learn where you can view the results of ongoing security testing.

  • Go to the “Attack surface” tab

  • The first tab “Overview” in the left-side menu provides a summary of your assets, active programs, and current vulnerability reports.

  • Click on the “Primary Assets” tab to view the list of your assets covered by your different programs and which hosts are vulnerable, including those where detected issues exist.

  • Open a primary asset to display the details. A red bug icon will show the detected issues in the "Risks" column:

ℹ️ All detected issues are confirmed by YesWeHack and displayed in your pentest programs.

When looking at Hosts, within the dedicated tab or through a primary asset, you can also make sure that the asset is covered by ongoing security testing:

ℹ️ To access a detailed view of all scans running on your assets or to subscribe to CVE alerts, click the following links:

Vulnerability management

  • Click on the “Vulnerability Center” tab to view and manage all your reports

ℹ️ Note: Find all reports from your different subscriptions (e.g., Continuous Pentesting, VDP, etc.) in your Vulnerability Center, including detected issues (identified through continuous security testing) and potential CVEs (linked to outdated technologies exposed on a Host) that have been converted into reports.

ℹ️ Discover here all the options available after receiving your first vulnerability report.

ℹ️ To learn more about how a vulnerability report is structured, click here.

Dashboards

Find key metrics directly in the dashboards to learn more about the distribution of all your reports (e.g., by status and severity) and the remediation process:

Related Articles
Manage your pentest campaigns
Pentest report management
Set up your pentest campaign
Manage my vulnerability reports from continuous pentesting
Vulnerability reports from Continuous pentesting
Did this answer your question?