Penetration Testing Services Cloud Pentesting Penetration Network Pentesting Application Pentesting Web Application Pentesting Social Engineering January 7, 2025 On this page Centralized Pentesting Intelligence: Boosting Efficiency with the BreachLock Unified Platform Unify your security testing with the BreachLock Unified Platform consolidating all your product solutions and test findings. Leverage a common data model, validate attack paths, and map your entire attack surface – all in one place. BreachLock breaks down silos and connects solutions to deliver a unified view of your security landscape for comprehensive asset visibility. By leveraging the power of integration, BreachLock consolidates PTaaS, Attack Surface Management, continuous pentesting and automated scanning, as well as red teaming capabilities in one data model for endless clarity and reporting. Unlock unparalleled operational efficiency, gain crystal-clear transparency, maximize the impact of your security testing, and confidently measure ROI—all with a comprehensive, centralized view of your security investments and outcomes. PTaaS: Pentests This capability showcases Penetration Testing as a Service(PTaaS) as part of the BreachLock Unified Platform and the pentests feature integrated alongside BreachLock’s other offensive security solutions in the platform. BreachLock’s PTaaS model offers human-led or manual pentesting conducted by certified, in-house pentesters, as well as automated pentesting and continuous scanning, maximizing the flexibility and versatility to choose the solution and methodology that works best for organizations. Within the BreachLock Unified Platform under PTaaS, is the Pentests feature. This feature offers a cumulative, rolled-up view of all pentests conducted through the manual pentesting process. PTaaS: Pentests Dashboard Overview Users will see all pentests itemized by name, product or asset type, and type of pentest (Black Box, Gray Box, or White Box), start date, estimated time of completion if in a Requested or In Progress state, and its status. Completed pentests will include the date the test was completed. Editing a Pentest Pentests can be edited for those pentests that have been Requested, Scheduled or Completed. Those pentests that are in Progress can be viewed or paused. All will take you to the Edit menu while pausing a pentest will take you to a pop-up menu that will actually pause the pentest that can later be resumed. Editing a “Scheduled Pentest” Editing a Pentest: Pentest Setup Users can edit a pentest depending on what the user would like to do. The editing menu includes four stages: Stage 1: Pentest Setup: This is represented by pentest name, product type alongside remaining credits, and about the product or test that the users have scheduled. Credits Remaining: This menu will also provide the number of credits remaining for this type of product pentest. Comments: Users can add comments in real-time for team members or to BreachLock experts on any and all pentests. Simply click on “Add Comment” and enter your comments. Users can also mark it as “Private” (for internal organizational purposes only) or “Public.” Public makes the comment available to BreachLock experts and anyone on your team with user credentials. Users can also attach any documentation pertaining to this comment that may prove of interest. Editing Pentest: Select Asset Stage 2: Asset Inventory: This is a complete Asset Inventory of active pentests. This includes the asset for which the pentest will be performed, All Labels, which are those assets that have been auto discovered or manually added by the user, Active or Inactive, and the ability to filter by subdomain or URL. Actions: To the far right you will see an Action column. By clicking on the ellipses, users can edit the particular pentest on an asset or completely deactivate it. Edit: By clicking on edit the user can change the asset name, alias name, and asset type. Deactivate: The user also has the ability to deactivate this pentest and eliminate it from scheduled pentesting. Create Asset Group: Users can create Asset Group by asset type by clicking on the “ASSET GROUP” button. Editing Pentest: Pentest Configuration Stage 3: Pentest Configuration: Under pentest configuration, users can edit the environment in which the pentest will run (production or non-production). Virtual Appliance (VA): As the above example is a Black Box internal network pentest, users can select the VA – either Hyper-V or OVA – and then can generate a key for that appliance. Base URL: The user will include the Base URL with the ability to copy this for VA installation. Editing Pentest: Pentest Schedule Stage 4: Pentest Schedule: By hitting next, the final step in the editing process for this pentest is Pentest Schedule. Here it shows when the pentest has been scheduled and the user will have the ability to change the Time Zone, preferred state date and time, and provide any testing time restrictions. Submit: When all edits are completed, the user will hit Submit and a green box will appear in the upper right stating that all edits to the pentest have been made successfully. Scheduling a New Pentest At some point, users may want to request and schedule a new penetration test within the scope for various reasons such as: Identification of Gaps or Changes: Users schedule new pentests to address newly identified or previously untested assets, areas requiring validation, or outdated findings. Business or Compliance Needs: Regulatory deadlines, business events, or new deployments may prompt the need for fresh testing to meet compliance and security standards. Emerging Threats and Risks: Rising threats or high-risk assets require targeted testing to ensure critical vulnerabilities are mitigated. Proactive Security Strategy: Regular testing supports a proactive offense by addressing evolving threats and ensuring continuous security improvements. On the Pentests Dashboard, users can request a “New Pentest” whereby users can set up the pentest by product type. New Pentest: Request New Pentest: Setup Pentest Setup: By clicking on this drop-down menu, users can begin to configure the new pentest. Users can view all pentests that have been agreed upon within the scope and select the product type or asset and type of pentest they will to request. What is extremely valuable is the user can see to the right all credits remaining and whether there are enough credits remaining to add a new pentest. New Pentest: Select Asset Select Asset: The next step is the user will be taken to “Asset Inventory” where they will be able to select the IP address for which the user would like to run the network pentest. At this point, the user will configure and schedule the requested pentest and follow the same steps as noted above in Stages 3 and 4 under Editing a pentest and then submit. Lastly, the user can schedule the pentest by selecting the time zone, start date, and time and submit the pentest request. A green box will appear at the top stating that the pentest has been requested successfully and users will also see the pentest name, product, and start date that has been configured for the pentest. The user will see “Requested” off to the far right. Once again, if the user wishes to edit this pentest, simply click on the ellipses under the Action column and select edit to go through the process mentioned earlier. Requested Pentest Visible in Dashboard Having a centralized view of all pentests allows users to maintain better oversight and control of their security pentesting activities. Users can quickly assess the status of each pentest enabling uses to identify gaps in their pentesting activities, and to streamline resource allocation. This visibility reduces the risk of any missed pentests that need to be conducted on any vulnerable assets to identify vulnerabilities for assessment and remediation. Additionally, tracking the statuses of al pentests with the ability to edit and make comments for both internal and external partners, fosters efficient decision-making highlighting pentesting priorities and aligning testing schedules within the organization’s evolving threat landscape. Watch all demos of The BreachLock Unified Platform here. Author Ann Chesbrough Vice President of Product Marketing, BreachLock Industry recognitions we have earned Tell us about your requirements and we will respond within 24 hours. Fill out the form below to let us know your requirements. We will contact you to determine if BreachLock is right for your business or organization.