Cyver.io is a modular pentest-as-a-service platform delivering automation and work management tools to pentesters. These include report automation, findings management and a library, client management, a client portal, tool integration for scanners, and much more.
Our features are all part of a toolset designed to digitize the full pentest process, reducing manual work, and offering secure digital communication and project management. These tools provide an out-of-the-box solution for pentesters looking to scale operations, streamline and reduce overhead, and automate manual processes.
Our Mission and Vision
Today, an estimated 30% of all organizations use digital processes. Despite that, most pentesters still rely on manual processes with email and Excel project management. Communication with clients is also old-fashioned, typically including face-to-face meetings, email, and phone calls. These processes are slow, lack security, and can be cumbersome to organizations accustomed to digital processes. This extends from day one with the initial quote to the final report, which most pentesters deliver in the form of a 30-60+ page report.
Clients are also increasingly shifting away from pentesting for compliance towards pentesting for security. This shift increases both the volume and scope of pentests. Organizations need pentest firms that can seamlessly integrate into their Agile development cycles, but many pentesters simply don’t have the capability. Instead, they’re stuck delivering time-consuming manual reports that cost the client significant effort to break into tasks.
While demands for pentests are rising, many pentesters face numerous bottlenecks. In fact, 47% of pentest firms report understaffing, with many taking 6 or more months to find a qualified new hire. Yet, many pentesters spend as much as 60% of their time performing manual, repetitive tasks like parsing reports, emailing, and updating Excel documents. This leaves the industry vulnerable to replacement by scanners, red teaming, and other alternatives.
At the same time, pentesters deliver real value. Human insight in pentesting is more valuable than any number of scans. Pentesters aren’t losing relevance; they just need better tooling to deliver results in a modern, digital format, with findings built around the needs of Devs and around resolving those issues.
That’s why we built Cyver. Our platform functions as a digital layer between the pentester and the client to deliver your work in a new, digitized way, with pentest-as-a-service.
What is Cyver?
Cyver delivers modular pentest-as-a-service through a cloud platform with features to automate and streamline pentest processes. Our platform is scaled to be affordable and accessible, so you can add on features as you need them.
Once you onboard your team, inviting and running a pentest inside Cyver is simple:
- Sign-up – Clients sign up via a white-label widget on your website or via an email link.
- Request – Clients or pentesters can request and launch a pentest from the portal using pentest templates to automate roles, task assignment, and pentest checklists.
- Setting Scope – The client uploads their assets and sets the project scope inside the portal. All access permissions are shared securely in the portal.
- Onboarding Teams – Pentesters assign members to the project to receive notifications, task assignments, etc. The client can assign stakeholders to see notifications, review data, and communicate with pentesters.
- Project Start – The pentest starts. Pentesters can use out-of-the-box checklists to ensure accountability and quality control across the pentest.
- Importing Findings – The pentester imports findings from tools like Burp, Nessus, and OpenVAS. The import wizard can automatically connect findings to standardized compliance norms like OWASP Top 10, SANS Top 25, etc. The wizard also imports as much data as possible from the findings database to populate CVE scores, finding descriptions, etc. Then the pentester reviews and finalizes CVE scores, finding descriptions, etc., and publishes the finding.
- Client Review – The client’s team receives notifications of findings. They can communicate, request help in resolving the issue, and then either close the finding, accept the vulnerability, or request a retest to verify it’s solved.
- Final Report – The client requests a final report, which they can use for compliance and audits.
- Planning – The client can automatically schedule their next pentest to ensure ongoing security.
Cyver delivers an out-of-the-box pentest-as-a-service solution. With a completely scalable and modular platform, we believe it’s everything you need to get started digitizing pentest processes. And, with our preliminary data showing our users save 10-29% on overhead costs alone, we firmly believe investing in digitizing your processes will pay off.