Welcome to the next chapter of our product journey, where user-centricity takes center stage. Our revamped Program Details Page is designed to be a comprehensive hub for both pentesters and customer users, facilitating easy access to vital information such as work packages and assets undergoing testing.
In this deep dive, we aim to guide you through the intricacies of the revamped page, showcasing how it enhances user convenience by prioritizing relevant information and ensuring seamless accessibility.
- General Information
This foundational section is the starting point for comprehending the overall program. Here, users can access crucial details such as the customer organization’s name, the customer’s details provided during program creation, the program’s creation date, and the identity of the person responsible for its inception.
Additionally, any documents uploaded during program creation are conveniently accessible in this section.
- Customer Organization: Displays the name of the organization undergoing penetration testing.
- Customer Name: Reflects the customer details provided during program creation.
- Created On: Highlights the program creation date.
- Created By: Showcases details of the person responsible for program creation.
- Attachment: Provides access to documents uploaded during program creation.
- Program Information
Providing a deep dive into the program’s vital statistics, this section delivers key insights.
Users can access information like the total count of assets within the program, the number of resources assigned to it, and a visual representation of the program’s progress through a comprehensive progress bar.
The start and end dates offer a timeline perspective, aiding in understanding the overall program duration.
- Total Assets: Displays the count of assets within the program.
- Resources: Indicates the number of resources assigned to the program.
- Program Progress Bar: Offers a graphical representation of the program’s progress.
- Start Date: Reveals the latest date among all assets.
- End Date: Displays the last date of all assets.
- Normal Progress Bar: Visualizes progress in green with remaining days.
- Due Date Progress Bar: Transforms to red, signaling overdue tasks, with due days displayed on hover.
- Findings Count Chart:
Using an informative Donut Chart, users can easily track the status of findings. This visual representation simplifies the understanding of findings marked as ‘Closed,’ ‘Accepted Risk,’ or ‘False Positive,’ providing a quick and intuitive overview of the progress in resolving and addressing identified issues.
- Program Status:
This section acts as a holistic indicator of the program’s health, reflecting the combined status of all work packages.
Users can effortlessly monitor whether the program is ‘In Progress,’ ‘Paused,’ ‘Completed,’ ‘Ready for Retest,’ ‘Ready for Fix,’ ‘Sign Off,’ ‘Pentest Report,’ ‘Retest Report,’ or ‘Scheduled.’
This consolidated view ensures users stay informed about the program’s overall status at a glance.
- In Progress: Indicates ongoing penetration testing.
- Pause: Flags a program pause due to external reasons.
- Completed: Marks the program as concluded with all reports uploaded.
- Ready for Retest: Designates the program for findings that require retesting.
- Ready for Fix: Automatically set when all findings are logged for customers to start fixing.
- Sign Off: Manually set to signify program completion after thorough review.
- Pentest Report: Signals the initiation of pentest report generation for all work packages.
- Retest Report: Indicates the ongoing process of finalizing reports for all work packages.
- Scheduled: Manually set to denote a program scheduled for a future time.
- Settings, Stakeholder list and Logs:
Stakeholder List:
Access the list of all customers and SecureLayer7 stakeholders, with limited user removal capability.
Reports:
Explore automated reporting tools created by SecureLayer7, facilitating report sharing with customers.
Logs:
Delve into comprehensive logs detailing all program activities performed by every involved user.
Notifications:
Enable automatic email notifications for the pentest team, containing comprehensive information on performed pentests.
- Work Packages:
Formerly known as phases, work packages are integral components of the revamped program details page. Each work package encapsulates a set of assets, creating a structured and organized framework.
For instance, a ‘Mobile Pentest’ work package may include assets such as iOS and Android. The combined details related to each work package, including reports and resources, are conveniently accessible within this section.
Reports:
Access all penetration testing reports from the dedicated section.
Resources:
View resource details assigned during penetration testing, accessible only to SecureLayer7 users.
Statuses:
- In Progress: Indicates active pentest team engagement.
- Pentest Report Draft: Marks completion of pentesting, with the SecureLayer7 team working on post-pentest reports.
- Ready For Fix: Signifies that customers can start fixing vulnerabilities, with reports available.
- Retest Report Draft: Indicates ongoing retest report generation.
- Completed: Marks completion of all processes within the work package.
- Sign Off: Indicates a final review and approval by the pentest lead.
- Pause: Flags a work package pause due to external reasons.
Progress Bar:
This dynamic visual element offers a real-time snapshot of program activity. It gets updated whenever findings within the program are marked as ‘Closed,’ ‘False Positive,’ or ‘Accepted Risk.’
This instant feedback mechanism keeps users informed about the ongoing review and resolution process, showcasing progress and decision-making stages.
Finding Count:
The severity of findings is visually represented through a color-coded block count. This feature allows users to grasp the criticality of identified issues at a glance, enhancing their ability to prioritize and promptly address the most impactful findings within the work package.
- Assets:
Under the umbrella of work packages, users can explore a detailed breakdown of assets. This section organizes all findings, details, and retests associated with each asset. It provides a comprehensive view, offering insights into engagement type, testing method, duration, module list, related attachments, and more.
Details:
Access high-level asset information, including engagement type, testing method, duration, module list, and related attachments.
Findings:
Review all findings related to a specific asset.
Retests:
Under this tab, check all the findings that have been moved to retest and are being retested by the pentesters.
Statuses:
- On Track: Default status, indicating active logging of findings by pentesters.
- Ready For Fix: Manually set by pentesters upon logging of all findings for a specific asset.
- Completed: Automatically set once all asset findings are resolved.
- Off Track: Manually set in case work on an asset is halted.
Progress Bar:
Similar to the program-wide progress bar, this asset-specific progress bar ensures users stay updated on the status of findings related to individual assets. As findings are marked ‘Closed,’ ‘False Positive,’ or ‘Accepted Risk,’ this progress bar reflects the ongoing review and resolution process, providing users with a nuanced understanding of asset-specific developments.
How to understand the status changes?
Step 1:
Initially, Work Packages are set to “In Progress,” and Assets are marked as “On Track” by default. When the pentester manually logs findings for an asset, its status changes to “Ready for Retest.”
Step 2:
Once findings for all assets are logged, the Work Package status transitions to “Pentest Report Draft.” At this stage, the SecureLayer7 team works on the necessary documents.
Step 3:
After uploading documents for the Work Package, customers are notified, and the status is set to “Ready for Retest.” This signals teams reliant on reports to start addressing the identified issues.
Step 4:
Customers fix the findings, send them for retesting, and mark them as “Closed,” “Accepted Risk,” or “False Positive.” If all findings receive these statuses, the asset is considered completed. A progress bar provides a visual representation of the completion status.
Step 5:
With all findings fixed for all assets, the Work Package status changes to “Retest Report Draft.” SecureLayer7 then begins drafting the retest reports.
Step 6:
After uploading the retest reports, the Work Package status is set to “Completed.”
Step 7:
In the final step, SecureLayer7 reviews the entire program and marks the Work Packages as “Sign Off.”
This structured process ensures a systematic and transparent approach to managing and resolving security findings, from initial discovery to final sign-off.
Where can you find this?
To explore the revamped program details page, open a program's details from the program list in the BugDazz platform. The page you land on is the revamped program details page.