Penetration Dashboard components

  • Release version: Xanadu
  • Updated January 16, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Penetration Dashboard components

    The Penetration Dashboard provides visual insights into your team's penetration testing progress, enabling effective analysis and decision-making to drive business outcomes. It offers key indicators and detailed views of test requests, findings, and team assignments, facilitating proactive management of security assessments.

    Show full answer Show less

    Key Features

    • Important Items Indicators: Visual indicators for unassigned emergency releases, overdue tests, unassigned tests, and critical validations pending, allowing swift identification of urgent items.
    • Penetration Test Requests: View test requests categorized by state, including open, scoping, environment readiness, and testing in progress. Navigate through colored tiles to access detailed lists and historical data for up to six months.
    • Tests Overdue: Track overdue tests using flexible time filters to better manage timelines and ensure timely completions.
    • Tests by Release Approvals: Monitor test approval statuses before deployment, ensuring all required validations are complete.
    • Findings: Access data on open AVITs and those pending validation, organized by risk rating, enhancing your team's response to security concerns.
    • Team Overview: Analyze test assignments for team members over the next six months, providing visibility into workloads across various stages of the testing process.

    Key Outcomes

    By leveraging the Penetration Dashboard, ServiceNow customers can enhance visibility into penetration testing processes, prioritize urgent tasks, and streamline approval workflows. This ultimately leads to improved security posture and more efficient management of testing resources, ensuring timely identification and remediation of vulnerabilities.

    Analyze your team's progress and data visually and drive business outcomes with the help of the components on your personal dashboard.

    Important Items indicators

    View the unassigned emergency release, tests past overview date, unassigned tests and any critical validation pending.
    • Unassigned emergency release: Indicates the total count of unassigned penetration test requests for the 'emergency release' assessment type.
    • Tests Overdue: Indicates the total count of tests past due date.
    • Unassigned tests: Indicates the total count of unassigned tests to the team.
    • Critical Validation Pending: Indicates the total count of AVITs for all the requests in the "Validation Pending" state.
    Note:
    Select each tile to view the list of items and perform the required tasks.

    Penetration Test Requests

    View the test requests by state, tests overdue, and tests by release approvals.
    • Test requests by state: Indicates the number of test requests in these different states of the Penetration Testing cycle. You can view and navigate to the list of test requests in different states by clicking on each colored tile. You can also view the state of these tests for the following six months by selecting the month from the filter drop-down on the top-right section of the tab. Following are the different test request states:
      • Open: Number of test requests open.
      • Scoping in progress:
      • Scoping completed:
      • Environment preparation:
      • Environment ready for testing:
      • Testing in progress:
      • Full penetration test:
      • Bug bounty programs: Incentives ethical hackers with rewards to find and report security vulnerabilities.
      • Focused test:
      • Executive interest: Report on senior management's engagement and support for critical projects within the organization.
      • One-off reviews: Assess specific projects outside regular development and release cycles to evaluate performance and implement improvements.
      • Emergency release: Supports emergency releases that are required for rapid software updates to address critical issues like security vulnerabilities.
    • Tests overdue:: Indicates the test pending from a certain time period. You can select the timeline for which you want to view the due tests, the drop-down options are: Due Yesterday,Due this week,Due last week,Due last month, and Due before last month.
    • Tests by release approvals: Indicates approval states for completed tests ready for release. Also, verifies that all necessary checks are completed before deploying new software. You can also view the state of these tests for the following six months by selecting the month from the filter drop-down on the top-right section of the tab.

    Findings

    Indicates the number of open penetration test findings (AVITs) reported along with the number of AVITs pending validation. You can view and navigate to the list of findings in different states by selecting each colored tile. The following data you can view under this section:
    • Open findings (AVITs) by risk rating
    • Validation pending for findings (AVITs)

    Team Overview

    Indicates the tests assigned to team members for the following six months period. Following are the different states:
    • Scoping in progress
    • Open
    • Scoping completed
    • Environment ready for testing
    • Testing in progress
    • Environment preparation