Penetration testing states
Application owners can request a penetration test assessment for their applications and monitor the progress of the ethical hacking team until the request is resolved.
The penetration test assessment request passes through the following transition states until it is resolved.
| Field | Description |
|---|---|
| Penetration testing states | |
| Open | State when the assessment request is created by the application owner. |
| Scoping | Ethical hacking team assesses the request and the scope of the application. |
| Environment Preparation | Application owner creates an environment with roles and other information and provides it to the ethical hacking team for testing. |
| Testing | Ethical hacking team manually tests the application to identify the penetration test findings. |
| V16.1: Testing In Progress | Ethical hacking team indicates that testing is currently in progress. If this state is selected, the Testing On Hold option becomes available on the form. |
| V16.1: Testing On Hold | This field is displayed only when the Testing In Progress state is selected. Ethical hacking team controls the service level agreements (SLAs) of the penetration test assessment requests by selecting this state, if required. This ensures accurate SLAs are reported. |
| V16.1: Testing In Review | Ethical hacking team indicates that testing is complete, and is being reviewed by a subject matter expert. |
| Closed | The ethical hacking team closes the penetration test assessment requests after the penetration test findings are reported. Note: Starting from V16.1, you can use the Copy and Create Request option on the form to replicate the request in Closed state and create a new request. For details, see Replicate a penetration test request in closed state. |
| V16.1: Cancelled | Application owner cancels the penetration test assessment request. |
| V16.1: Draft | Application owner creates a request and saves it as a draft before submitting the request. |
| Application Vulnerable Item states | |
| Open | When the ethical hacking team identifies and creates the penetration test findings, their status is Open. |
| Resolved | When the application team resolves the penetration test findings, their status is moved to Resolved. Note: If the penetration test finding has been resolved but is yet to be validated by the ethical hacking team, the substate is Validation Pending. |
| Closed | Ethical hacking team validates that the penetration test findings have been resolved and moves the status to Closed. |