Starting an Assessment

An assessment is the process of preparing and running an AI-powered pentest on your application. During setup, you’ll define what should be tested, how deep the test should go, and under what conditions it should run.

The setup flow guides you through a few key steps to ensure the pentest runs safely and effectively. Each view in this process focuses on a specific goal:

Assessment Details: Choose the type of pentest you want to run. White box tests use additional context (like repositories or configurations) for deeper coverage, while black box tests simulate an external attacker with no inside knowledge.

Scope: Define the entry points or domains that are in scope for the test. Ownership of each domain must be verified before the assessment can continue.

Authentication: Add login credentials to simulate real-world scenarios for authenticated users and admins. This allows the test to explore protected areas of your app.

Attack Resources: Provide extra context to help the test understand your environment. This can include linked repositories, API specifications, or notes about architecture and frameworks.

Confirm: Review your setup and authorize the test.

Pentests can run destructive actions, so they should never be executed on production environments or systems containing customer data.

Once confirmed, the assessment runs within the defined scope and timeframe. After completion, you’ll receive a detailed report with findings, prioritized risks, and remediation guidance.

Last updated 1 day ago

Was this helpful?