Penetration Dashboard components

  • Release version: Zurich
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Penetration Dashboard components

    The Penetration Dashboard in the Zurich release enables ServiceNow customers to visually track and analyze their penetration testing activities, team progress, and critical security validations. This dashboard consolidates key metrics and statuses related to penetration test requests, findings, and team assignments to help drive informed business decisions and ensure timely remediation of security vulnerabilities.

    Show full answer Show less

    Key Features

    • Important Items Indicators: Displays counts of unassigned emergency release test requests, overdue tests, unassigned tests, and critical validations pending. Each indicator tile can be selected to view detailed lists and take action.
    • Penetration Test Requests: Visualizes test requests by their lifecycle states (e.g., Open, Scoping in progress, Testing in progress, Emergency release) and allows filtering by month for up to six months. Also highlights tests overdue with customizable timeframes (e.g., due yesterday, due this week).
    • Tests by Release Approvals: Shows the approval status of tests ready for deployment, ensuring all necessary checks are completed before software release. This can also be filtered by month for six months.
    • Findings: Provides counts of open penetration test findings (AVITs) categorized by risk rating and those pending validation, enabling prioritization of remediation efforts.
    • Team Overview: Summarizes tests assigned to team members with statuses over a six-month period, helping managers monitor workload and progress across different testing stages.

    Practical Benefits for ServiceNow Customers

    • Quickly identify and address critical penetration testing tasks such as unassigned tests and overdue validations.
    • Monitor the status and progression of penetration test requests across multiple stages and timeframes to maintain testing cadence and compliance.
    • Track findings by risk and validation status to prioritize security issues effectively.
    • Gain visibility into team assignments and workloads to optimize resource allocation and improve testing efficiency.
    • Ensure software releases meet security requirements by tracking test approvals before deployment.

    Analyze your team's progress and data visually and drive business outcomes with the help of the components on your personal dashboard.

    Important Items indicators

    View the unassigned emergency release, tests past overview date, unassigned tests and any critical validation pending.
    • Unassigned emergency release: Indicates the total count of unassigned penetration test requests for the 'emergency release' assessment type.
    • Tests Overdue: Indicates the total count of tests past due date.
    • Unassigned tests: Indicates the total count of unassigned tests to the team.
    • Critical Validation Pending: Indicates the total count of AVITs for all the requests in the "Validation Pending" state.
    Note:
    Select each tile to view the list of items and perform the required tasks.

    Penetration Test Requests

    View the test requests by state, tests overdue, and tests by release approvals.
    • Test requests by state: Indicates the number of test requests in these different states of the Penetration Testing cycle. You can view and navigate to the list of test requests in different states by clicking on each colored tile. You can also view the state of these tests for the following six months by selecting the month from the filter drop-down on the top-right section of the tab. Following are the different test request states:
      • Open: Number of test requests open.
      • Scoping in progress:
      • Scoping completed:
      • Environment preparation:
      • Environment ready for testing:
      • Testing in progress:
      • Full penetration test:
      • Bug bounty programs: Incentives ethical hackers with rewards to find and report security vulnerabilities.
      • Focused test:
      • Executive interest: Report on senior management's engagement and support for critical projects within the organization.
      • One-off reviews: Assess specific projects outside regular development and release cycles to evaluate performance and implement improvements.
      • Emergency release: Supports emergency releases that are required for rapid software updates to address critical issues like security vulnerabilities.
    • Tests overdue:: Indicates the test pending from a certain time period. You can select the timeline for which you want to view the due tests, the drop-down options are: Due Yesterday,Due this week,Due last week,Due last month, and Due before last month.
    • Tests by release approvals: Indicates approval states for completed tests ready for release. Also, verifies that all necessary checks are completed before deploying new software. You can also view the state of these tests for the following six months by selecting the month from the filter drop-down on the top-right section of the tab.

    Findings

    Indicates the number of open penetration test findings (AVITs) reported along with the number of AVITs pending validation. You can view and navigate to the list of findings in different states by selecting each colored tile. The following data you can view under this section:
    • Open findings (AVITs) by risk rating
    • Validation pending for findings (AVITs)

    Team Overview

    Indicates the tests assigned to team members for the following six months period. Following are the different states:
    • Scoping in progress
    • Open
    • Scoping completed
    • Environment ready for testing
    • Testing in progress
    • Environment preparation