Retesting is a crucial phase after the initial pentest to verify that the identified vulnerabilities have been effectively remediated. Below are the essential steps of the retesting process:
Requesting Retesting | You may request retesting of specific bugs you've addressed during or after the pentest has concluded. |
Retesting Window | The duration for which retesting can be requested without incurring extra costs varies based on the pentest tier. It could be either 30 or 90 days post-pentest. To learn about the time window for your specific tier, always refer to the pentest tier details. |
Claiming a Retest | Once a retest is requested, members of the pentest team can claim the task through their dashboard under the 'Retesting' tab.
If a claimed retest isn't completed within 72 hours, it becomes available for other team members to claim from the same dashboard. |
Duration for Retesting | Once claimed, a retest should be completed within 72 hours. |
Reporting Retests | Any retesting findings or confirmations are documented in the initial vulnerability report. It's imperative for the pentesters to provide evidence, showcasing whether the vulnerability has been successfully addressed or persists. |