Configure penetration testing

  • Release version: Zurich
  • Updated July 31, 2025
  • 1 minute to read

    • You can configure the sprint duration and estimated effort for penetration testing assessment types. This provides the scheduling functionality for application owners, helping them determine a tentative time frame for their penetration test assessment requests.

    Before you begin

    Role required: Ethical Hacker

    About this task

    Configuring the penetration test assessment settings for the ethical hacking team also helps determine the group and point of contact that receives the penetration test assessment request.

    Starting with v19.0 of Vulnerability Response, if you are using the Veracode Vulnerability Integration, the penetration assessment tests in the Veracode Vulnerability Integration are manual findings from Veracode. They are not linked to any penetration test assessment requests you configure in Application Vulnerability Response. For more information about penetration test assessments from Veracode, see the Veracode Vulnerability Integration.

    Procedure

    1. Navigate to All > Application Vulnerability Response > Administration > Penetration Testing Configuration.
    2. Use the first section to configure the assignment group.
    3. On the form, fill in the fields.
      Table 1. Penetration Test Configuration form
      Field Description
      Penetration testing team user group Group to which the penetration test assessment request is assigned.
      Default assignee for penetration testing assessment requests Point of contact for the penetration test assessment request.
    4. Select Update.
    5. Use the second section to configure sprints.
      For details, see Configure sprints for penetration testing.
    6. Use the third section to configure assessment types.
      For details, see Configure assessment types for penetration testing.