Pen Test

Pen Test, is an ethical hacking subscription service that helps organizations identify and validate critical vulnerabilities in their environment. Pen Test is available as a subscription or project.

Get Pen Test

Pen Test is a security analyst-driven service you can purchase as an add-on to Fortra Vulnerability Management (Fortra VM) or by itself.

Existing clients

  1. To add Pen Test, log in to Fortra VM and select Account > Service Subscriptions.
  2. Select Penetration Testing, and then select Request Service for the penetration testing service desired. A Client Support representative will contact you after you submit your subscription request.

Existing Fortra VM clients 

  1. To add Pen Test, log in to Fortra VM and select the account to which Penetration Testing is to be added.
  2. From the navigation menu, select Account > Service Subscriptions.

  3. Select Penetration Testing, and then select + Add Service. Select the options required.

NOTE: New clients: If you do not have a Fortra VM account, contact a Fortra account representative.

Remove Manually Added Vulnerabilities

To remove vulnerabilities from scan results during Pen testing:

  1. From the navigation menu, select Active View, and then select the required scan.

  2. Under the Vulnerabilities tab, select More options > Remove Vulnerability.

  3. Select OK to remove the pertinent vulnerability.

Access Your Pen Test Results

To access your Pen Test results in Fortra VM:

  1. From the navigation menu, select Scans > Scan Activity.

  2. Select the name of your Pen Test to see its results. If you do not immediately see your test, sort the scans by Workflow.

  3. Choose one of the following options to see your security analyst’s impact and recommendation notes:
    1. Select the Analysis tab.
    2. Select Build Report.
    3. Select the appropriate Pen Test report template, and then select Save. Your report is available for download on the Report History page (to access it, select  History).

RNA Access Request

RNA Access Requests are only available to users who have been designated with Penetration Tester role or RNA login access permission.

Create New Pen Test

In the Create New Scan form, subscribed users can see the option of selecting Pen Test as an option in the scan's Workflow. Pen Tests require the assignment of an approved analyst. A warning is displayed under Assigned Analysts to flag the need for the penetration tester to submit a new access request. An analyst can be assigned once access approval is granted.

Request RNA Access

Pen Testers can request access to a RNA from the navigation menu by selecting Client Ops > RNA User Access . Here, RNA user access requests are displayed along with a button to submit a + New access request.

In the open form a Pen Tester discloses the details of their access needs including the account, reason, duration, and scanners requested. Once the request is saved it will display in the request list with a white status icon indicating the request has is Not Approved. Pen Testers are not authorized to approve or revoke a RNA Access Request, but they can modify and save changes to one that is pending.

A notification email is sent to Pen Testers anytime access to a RNA is approved or revoked. When the RNA access is approved the Pen Tester can be assigned as an analyst to a scheduled Pen Test.

For quick access, use the action button to Request RNA Access from the Awaiting Confirmation menu item, under Pen Testing in the navigation menu. On the right side of any of the Manually Added Vulnerabilities in the list, select RNA Access to jump to the request access form.

SSH Public Key

To enter a SSH public key to use in support and penetration testing, select your user name from the header under My Profile, and then under the General tab, enter the key in the SSH Public Key box.