Penetration Dashboard components

  • Release version: Yokohama
  • Updated January 30, 2025

    Analyze your team's progress and data visually and drive business outcomes with the help of the components on your personal dashboard.

    Important Items indicators

    View the unassigned emergency releases, overdue tests, unassigned tests, and any critical validation pending.
    • Unassigned emergency release: Indicates the total count of unassigned penetration test requests for the 'emergency release' assessment type.
    • Tests Overdue: Indicates the total count of tests past their due date.
    • Unassigned tests: Indicates the total count of unassigned tests to the team.
    • Critical Validation Pending: Indicates the total count of AVITs for all the requests in the "Validation Pending" state.
    Note:
    Select each tile to view the list of items and perform the required tasks.

    Penetration Test Requests

    View the test requests by state, tests overdue, and tests by release approvals.
    • Test requests by state: Indicates the number of test requests in each state of the Penetration Testing cycle. You can view and navigate to the list of test requests in a given state by clicking its colored tile. You can also view the state of these tests for the following six months by selecting the month from the filter drop-down in the top-right section of the tab. The test request states are:
      • Open: Number of test requests open.
      • Scoping in progress:
      • Scoping completed:
      • Environment preparation:
      • Environment ready for testing:
      • Testing in progress:
      • Full penetration test:
      • Bug bounty programs: Incentivizes ethical hackers with rewards to find and report security vulnerabilities.
      • Focused test:
      • Executive interest: Report on senior management's engagement and support for critical projects within the organization.
      • One-off reviews: Assess specific projects outside regular development and release cycles to evaluate performance and implement improvements.
      • Emergency release: Supports emergency releases that are required for rapid software updates to address critical issues like security vulnerabilities.
    • Tests overdue: Indicates the tests pending from a certain time period. You can select the timeline for which you want to view the due tests. The drop-down options are: Due Yesterday, Due this week, Due last week, Due last month, and Due before last month.
    • Tests by release approvals: Indicates approval states for completed tests ready for release. It also verifies that all necessary checks are completed before deploying new software. You can also view the state of these tests for the following six months by selecting the month from the filter drop-down in the top-right section of the tab.

    Findings

    Indicates the number of open penetration test findings (AVITs) reported along with the number of AVITs pending validation. You can view and navigate to the list of findings in different states by selecting each colored tile. You can view the following data in this section:
    • Open findings (AVITs) by risk rating
    • Validation pending for findings (AVITs)

    Team Overview

    Indicates the tests assigned to team members for the following six-month period. The different states are:
    • Scoping in progress
    • Open
    • Scoping completed
    • Environment ready for testing
    • Testing in progress
    • Environment preparation