PentestPortal release - 5 November 2022

AUTHOR: CyberCloud Team

Much work has been done to fulfill some major wishes of our partners and their customers. In this release, the following has been delivered and released to production.

New Features

  • #362 - Yay, we now support targets of the type 'Repository' and also risk types relating to source code. This makes it even easier to do source code reviews.

  • #256 - We have completed the first step in restructuring an assessment. When we started with the Cyber Cloud pentest platform, an assessment consisted of only a couple of elements. However, now it has several items, such as scope, findings, reports, files, compliance etc. We have changed the assessment structure into seperate tabs, so it is easier to navigate and find what you're looking for. Any feedback on this major change is appreciated, as always!

Minor updates

  • #266 - From now on, a report can only be downloaded and send when the status of the assessment 'Finished' is. This is important as a report may never be sent to a customer if QA has not been finished yet.

  • #366 - Penetration testers save a lot of time on the automatic flow for the pentest waiver. We have added some checks on completeness before a pentest waiver can be generated and sent.

  • #390 - Some penetration testers discover very complex vulnerabilities that need many reproduction steps. For those pentesters, we have improved the way how you can add reproduction steps, by adding a "+" button also to the bottom of the reproduction steps happy testing!

  • #401 - Build number is shown in the footer now.

  • #373 - Patch management: most libraries have been updated to the last ones!

    • Front-end libraries

    • Back-end libraries

    • Upgrade of Node 16 to Node 18 LTS.


  • #167 - It was possible to login with an account into a partner URL without having that permission. Of course, no data was shown, but the partner branding was visible. We have changed this so you'll only see your 'own' branding.

  • #388 - Column hide/show did not always work.

  • #398 - Thanks Eric for finding an XSS, of course we fixed this ASAP.

  • #399 - We improved the padding on tables in reports.

  • #380 - Spaces after cursive text were for some reason not shown correctly.

  • #333 - The order of risk, impact and probability were not always the same. This has been fixed.

  • #379 - Ordering datatables did not always work as expected, due to parsing issues around filters and sorting, depending on data types etc. The development team reworked a lot of this to get this out of the world :)

  • #403 - Quality checks could no be processed in some cases.

  • #404 - What a coincidence, the send risk button disappeared from the GUI after some updates. There was no better number for this ticket

Basic Security Scan updates

  • #364 - When downloading a basic security scan report, a pop-up was shown to reset numbering. This is not applicable to that type of assessment.

Powered by LaunchNotes