DATE:
AUTHOR: CyberCloud Team
PentestPortal.io

Release 29 March 2024

We're excited to announce the latest release of PentestPortal.io, packed with new features and bug fixes to enhance your pentesting efficiency and experience. Here's what's new and improved:

Features

Major feature: Search Field!
Introducing a search field where users can search and filter findings they have access to. This feature addresses the common issue where pentesters are unable to find what they previously encountered. Users can now search findings from pentests and major risks in:

  • Finding title

  • Description

  • Recommendations

  • Reproduction steps

Outside of scope:

  • Assessment titles (we currently see no practical use for this)

  • Client names (as there is already a nice Customer page)

The result is a dropdown of clickable findings, showing the client name, risk title, and a highlight of the finding. The findings are sorted in descending order by the date of the finding.

Other Features

  • #PP-173: Check if the IP address is filled in for an IP-target type.

  • #PP-174: In the management tool, the DEFAULT_PORTAL_URL can now be specified. This is important for URLs such as the Stripe redirect URL.

  • #PP-189: It is now possible to delete ports (TCP/UDP) for targets.

  • #PP-197: New targets added at both customer and assessment (pentest) level are now better checked for duplicates, such as IP address, to prevent the same target from existing multiple times at that level.

  • #PP-198: As an Account Manager (often the person scheduling the pentest), it is now possible to remove a pentest from the system. A 'Delete' button has been added to the edit assessment dialog, followed by a confirmation dialog where the user must fill in the name of the assessment.

Bug fixes

  • #PP-161: When custom domains were added for multi-reseller instances, the new domain was not automatically included in the App Registration in Azure. This bug has been fixed. Custom domains are now automatically pushed as redirect URI to the Azure App Registration/Client.

  • #PP-175: The risk level in the report no longer disappears when no risk 'rationale' is filled in.

  • #PP-182: On the Overview page (/pentest/UUID), the ASVS table was enabled while ASVS was turned off within the pentest assessment. This has been corrected.

  • #PP-188: The title "Hertest Opmerkingen" in the report was, for some reason, spread over two lines, but is now neatly on one line.

  • #PP-190: Sometimes, new users of new instances could not log in due to a specific flow containing a bug.

  • #PP-191: An error displayed at the startup of instances, "Cannot read properties of undefined (reading 'nrOfActiveSeats')", has been fixed.

  • #PP-192: Various language bugs have been resolved.

  • #PP-200: In the management tool, an Azure Secret ID could be specified for an instance link. This was not used in the backend, so it has been removed.

  • #PP-201: Targets of the type 'cloud resource' are also included in the pentest waiver now.

  • #PP-205: Copying targets from a client did not work entirely (not all selected targets were copied to the assessment).

We believe that PentestPortal will greatly enhance the experience of individual penetration testers, penetration testing firms and enterprises conducting their own pentests and that PentestPortal contributes to more efficient and effective penetration testing. Your feedback is invaluable in helping us improve and tailor the software to meet your needs.

Thank you for choosing our software, and we look forward to hearing your thoughts on this exciting new release!
