Release 24 February 2026

This February release focuses on compliance modernization, improved reporting flexibility, and giving customers more controlled interaction within pentests. With support for ASVS v5, a brand-new Excel report export, customer-level risk acceptance, and improved quality workflows, this update strengthens both technical depth and usability. As always, we’ve also addressed a broad set of bug fixes to improve reliability across reporting, invoicing, and compliance modules.

Features & Improvements

PP-635: ASVS Update to Version 5.0.0

We’ve upgraded the ASVS framework to version 5.0.0.

Key changes:

• New pentests default to ASVS v5

• ASVS v4 remains visible for historical pentests

• New pentests can no longer select v4

• Full multi-version support across:

  • Risk Database

  • Pentest create/edit dialog

  • Pentest quality demands

  • Pentest risks

  • Compliance tab

  • Report risks

  • ASVS charts and tables in reports

PP-582: Excel Report Export

A new Excel Report export option has been added alongside the existing PDF and Jira CSV exports.

From the report download menu, users can now select:

• PDF Report (existing)

• Excel Report (new)

• Jira CSV (existing)

The Excel export includes:

• Findings table

• Rendered fields (description, recommendation, etc.)

• Targets

• Properly sorted IDs (with leading zeros)

• Customer reference

• Finding reference column (e.g. DHL-2601-WA-0)

Irrelevant columns have been removed for clarity.

PP-630: Customer-Controlled Risk Acceptance

Customers can now mark a finding as:

New → Open → Accepted

Conditions:

• Only available when the pentest is completed

• Permission is configurable per customer contact

• Only selected customer users may perform this action

PP-635: Customer Reference Field on Risk Detail

A new Customer Reference field has been added to the risk detail page.

• Visible to: Customer contacts, Pentesters, Account Managers

• Editable by: Customer contacts (except when pentest is cancelled)

• Clickable if entered as a URL

• Included in Excel export

• Carried over in retests

• Not copied when duplicating risks

• Not included in PDF reports

PP-624: Manual Kick-off Approval

Added the ability to manually approve the kick-off quality demand.
Useful for customers not using the automated kick-off email workflow.

PP-622: CWE & OWASP Support for Source Code Findings

CWE and OWASP categories can now be assigned to findings categorized as “Source Code”, improving classification and reporting consistency.

Bug Fixes

• PP-627: ASVS compliance entries without comments were not saved. All entries are now stored correctly.

• PP-599: “Affected targets” selection popup now closes properly after saving.

• PP-597: Error 500 after sending invoice resolved (invoice was sent correctly but error shown).

• PP-639: MGMT metrics were no longer updating. Metrics processing restored.

• PP-637: SMTP validation error messaging corrected (port 587 vs 465 handling).

• PP-636: Retest reports are downloadable again.

• PP-628: Welcome email wording corrected to properly reference the organization instead of the contact person.

• PP-626: Invoice layout alignment (description, quantity, VAT vs price) fixed.

• PP-618: Findings added under targets now display correctly across views. Datatables cleaned up and duplicate icons removed.

• PP-615: Management tool Sentry release issue resolved.

• PP-612: Speed dial translation mismatch when switching languages fixed.

We believe that PentestPortal will greatly enhance the experience of individual penetration testers, penetration testing firms and enterprises conducting their own pentests and that PentestPortal contributes to more efficient and effective penetration testing. Your feedback is invaluable in helping us improve and tailor the software to meet your needs.

Thank you for choosing our software, and we look forward to hearing your thoughts on this exciting new release!