AUTHOR: CyberCloud Team
PentestPortal.io

Release 20 November 2023

We're excited to announce that, hot on the heels of last week's update, we've rolled out another release packed with even more new features and important bug fixes. Our commitment to providing a seamless and powerful platform for your penetration testing needs continues to drive us forward.

Features

  • #696 - Integration of risk mapping Baseline Informatiebeveiliging Overheid (BIO)

    Enhancing our pentesting capabilities, we've introduced support for linking pentest risks to specific measures within the Baseline Informatiebeveiliging Overheid (BIO): https://bio-overheid.nl. This integration allows users to align identified risks with the corresponding BIO controls, facilitating a targeted and efficient approach to complying with these standards.

  • #PP-39: Support of risk mapping to OWASP API Top 10 Security Risks

    We're proud to implement support for associating identified risks with the OWASP API Top 10 Security Risks: https://owasp.org/API-Security/editions/2023/en/0x00-header/. This feature extends our platform's risk management framework, enabling users to directly reference and mitigate the most critical security risks faced by APIs, as recognized by the trusted Open Web Application Security Project (OWASP) standards.

  • #PP-24: Improved flow of adding new risks to main risk database

    In response to user feedback on the utility of the pop-up feature, we've refined the flow for adding a new risk to the main risk database. Observations indicated that the pop-up was primarily used to enter only a title, with little further utility. We've simplified the process, which now starts directly from the main risk screen. Users enter a title and are then redirected to the risk screen to continue detailing the risk. This change is aimed at enhancing user experience by reducing unnecessary steps and focusing on the core functionalities that our users rely on.

Bugfixes

  • #PP-33 Dark mode link visibility: Links are now clearly visible in dark mode, especially on the Dashboard.

  • #PP-34 Database accessibility: Projects in MongoDB created via API now include a Network Access List for application accessibility.

  • #PP-35 Basic scan credit expiry message: Error messaging improved for basic scans created after reseller credit expiry.

  • #PP-37 Pentest assessment data table refresh: The risks data table now updates immediately after a risk is added to a pentest assessment.

  • #PP-40 CSV export and JIRA import compatibility: Exported CSV files no longer include images to ensure compatibility with JIRA's character limit.

  • #PP-43/52 SMTP settings security enhancement: Security has been reinforced for SMTP configuration settings.

  • #PP-44 Test account linking in pentest assessments: Test accounts can now be successfully linked to targets in pentest assessments.

  • #PP-47 Secrets inclusion in CyberScan reports: CyberScan reports have been updated to include all found secrets.

  • #PP-45 Admin page UI enhancement: Extraneous buttons hidden off-screen on the /admin page have been removed for a cleaner UI.

  • #PP-52 Customer settings security improvement: Security checks around customer settings have been further strengthened.

We believe that PentestPortal will greatly enhance the experience of individual penetration testers, penetration testing firms and enterprises conducting their own pentests, and that it contributes to more efficient and effective penetration testing. Your feedback is invaluable in helping us improve and tailor the software to meet your needs.

Thank you for choosing our software, and we look forward to hearing your thoughts on this exciting new release!
