PentestPortal.io

PentestPortal release - 27 October 2022

AUTHOR: CyberCloud Team

Much work has been done to fulfill some major wishes of our partners and their customers. In this release, the following has been delivered and released to production.

New Features

  • #362 - New target type 'Repository' and risk type 'Source code', to support assessments that consist only of source code security reviews.

  • #384 - It is now also possible to send pentest and risk reports to foreign mobile phone numbers through the SMS API.

  • #395 - As you know, at assessment level we already supported the target types IPv4/IPv6 address (single ones) and VLAN (IPv4/IPv6 CIDR ranges). However, what if your customer has external IP-address ranges assigned by their ISP for their internet connection? Right, those are Wide Area Network (WAN) IP-addresses/-ranges. With this release, we also support WAN IP-addresses. Within the penetration test reports these targets will be categorized under infrastructure.

Minor updates

  • #385 - Until now, it was only possible to download the Pentest Waiver after everyone had signed it. With this new release it is also possible to download the unsigned version, which is very helpful in case a customer wants to sign the Pentest Waiver with a 'wet ink signature'.

  • #389 - We already supported the Application Security Verification Standard (ASVS) at assessment level. Now, it is also possible to assign ASVS in the main risk database, to save time later on during an assessment.

Fixes

  • #356 - Sometimes, new risks were added twice at assessment level. This has been fixed now.

  • #386 - The OWASP Top-10 quality check resulted in false positives. Now, we don't use the target type for this check anymore, but the risk type. That makes more sense, we think.

  • #387 - The CSV JIRA Export did not always calculate the Due Dates based on the customer settings. We have fixed that now, happy exporting!

  • #382 - Used pentester IPs could not always be deleted.

  • #383 - Some pop-ups showed unwanted [object object].

Basic Security Scan updates

  • #368 - The Basic Security Scan report contains a better quality summary image now.
