Virtual Penetration Testing

Overview

Welcome to the Virtual Penetration Testing module. In this section, you'll be guided through the process of using our virtual penetration testing tool. You'll learn how to:

• Navigate through the module interface.
• Create and initiate a penetration test scan.
• Understand and utilize the dashboard and its components.

Virtual penetration testing is a remote security assessment method designed to evaluate the vulnerabilities and weaknesses within digital environments, including web applications, networks, and systems. By simulating potential attacks using various tools and techniques, this method helps identify security flaws and assesses the effectiveness of current defenses. Unlike traditional in-person testing, virtual penetration testing is conducted over the internet, offering flexibility in testing locations and often reducing costs. The primary aim is to detect and address vulnerabilities before they can be exploited, providing valuable insights to enhance your organization’s security measures.

Navigate to the module

• Beside the Risk Management text click the redirect icon showed on the image below. 

• After redirected, it will show you the modules under risk management then click Penetration Testing.

Create a Penetration Test Scan

• To create a penetration test you will be already redirected to the scan page when you click the Penetration Testing, as shown below you just need to click New scan.

• After clicking scan it will show you all the type or testing categories you can do and every category it will show you the tools you can use for your testing.
  • for example, the image shows that the user chooses Network penetration testing, the tool he/she can use are Nmap & NmapUDP are for (port scan), then OpenVAS is for (Network Vulnerability Scan). After you pick/choose click Next.

• When clicking next, it will guide you to the next step which is Selecting Targets. in this section it allows you to add or select target that is already existing on the list. Note that there is limitation on adding targets. (3) targets only is allowed. 

• If the target you need to test is already exist just click the check box beside the targets name, then if it doesn`t exist yet you can click the " Add Target " in the upper right to all new target.

• If ever your target doesn`t exist on the list, you can just simply click +Add Target then a modal will show for you to input the target then click add target to submit the target credential, then it will automatically show the added target on the dashboard and you can proceed on clicking next for step 3.

• On the 3rd step, it will ask you when will the will the scan happen, and the type of notification you want to receive. The image shown below are the options you have when configuring your penetration scan.

• Step 4 shows you the overall set up of your penetration scan for you to review if all the details you provide is correct before Running the Scan.

Penetration Test Scans Dashboard: 

In the Penetration Test Scans dashboard, it shows all Penetration Tests that were conducted. It shows the completion of the test, whether it has finished the scan or not. It also shows the website where it has conducted the test as well as the different types of severity for the vulnerabilities & risks the penetration has scanned.

Virtual Penetration Report Dashboard:

• This shows the user all the list scans done on the targets. 

Virtual Penetration Testing Reports:

• There are multiple ways to Generate or get the report for your Virtual Penetration Testing, you can view it on the Scan Dashboard and also in Reports Dashboard. In this part it will show you all the option you can get or view the outcome of your scan/test.

View/Generate Scan Report in Scan Dashboard:

• When you are on the Scan dashboard you can also View/Generate report on the specific scan you made by clicking "Report" button on the specific scan you want.

• After clicking the "Report" button, it will show you the report of the scan with different functionalities like "Save", "Download", and " Print".

View/Generate Scan Report in Report Dashboard:

• In this part the other way you can View/Generate report is on the Report dashboard. but in this part, there are two way you generate, it's by clicking "New Report" and "View" button. Below, it will show you both option and its functionalities.

Top Vulnerabilities Detected:

Top Vulnerabilities Detected provides a visual summary of the most critical vulnerabilities identified during the test. It typically ranks these vulnerabilities by severity or impact, highlighting which ones pose the greatest risk. The graph often categorizes vulnerabilities by type or affected system areas, such as web applications or network services, and may show their frequency of occurrence. This helps prioritize which vulnerabilities need immediate attention and provides insight into the overall risk landscape. Additionally, if the graph includes data over time or across different test phases, it can help track trends and assess whether security improvements are being made. Overall, this graph is an essential tool for understanding and addressing the most significant security threats uncovered in the penetration test.

• Clicking on any section of the graph triggers the display of a modal that provides detailed information about scans that have identified a top vulnerability. This modal presents a comprehensive overview, including the target of the scan, the type of vulnerability detected, the date of the penetration testing, and the current status of the vulnerability. This detailed view helps users understand the context and specifics of each detected vulnerability, facilitating more informed decision-making and prioritization.

Recent Penetration Test:

Recent Penetration Test refers to the latest assessments performed to evaluate the current security status of your system. These tests identify and analyze vulnerabilities, helping you understand recent threats and improvements. Reviewing recent tests ensures your defenses are up-to-date and aligned with the latest security risks.

Top Exploitable Assets:

Top Exploitable Assets refer to the most vulnerable components of your system identified as having the highest potential for exploitation by attackers. These assets are prioritized based on their risk level and ease of exploitation, helping you focus on addressing the most critical weaknesses to enhance your overall security.

To access detailed information about vulnerabilities from a penetration test, click on any item in the "Top Exploitable Assets" list. This action reveals a comprehensive view of the scan, including the types of vulnerabilities detected and their severity levels. The modal also displays scan details such as the start and end times, duration, and sources of the test. Additionally, it provides specifics on vulnerability types, affected hosts, paths, insertion points, and overall severity, offering a thorough understanding of the identified security issues.

If you need further assistance, kindly contact our support at info@cytechint.com for prompt assistance and guidance.