
Findings Dashboard

Pentest Success Team

This section’s goal is to facilitate your communication with Siemba and your team. Two tabs let you toggle between the teams: the Enterprise tab shows the Lead Project Person & Developer, and the Siemba tab shows the Customer Success Manager & Technical Leader.

In this section, you are also able to message or email the team members from each team by clicking the icons to the right of each person on the list. 

When you click either the email or the message icon, a pop-up is shown in which you can write and send your message.

Questions 

In this section, you see a chat window between yourself and a Siemba team member, where you can easily ask for any clarification regarding the pentest. Type a message in the text box and then send it.

You can also upload a file to the chat (for example a PDF, JPEG or JPG) by clicking the upload button to the right of the text box.

Principal Insights

This section presents the principal insights of the finding in detail: the Vulnerable Endpoint, the Description of the Vulnerability, the Description of the Findings, the Impact, and so on. Developers will have all the information required to remediate the vulnerability.

More Insights

This section has two tabs at the beginning of it. The first one is Steps to Reproduce, which shows you a flowchart of the steps that need to be followed in order to reproduce the finding. Each step is on a card with the step number as its title, a brief description of the step, and a button to view the images associated with the step.

The second tab is the Proof of Concept tab, where you can see the proof of the vulnerability found by the Siemba team, in either image or video format. At the top right of the section there are three buttons: All, Picture, and Video, which filter the contents of the section by file type.


Risk Matrix

The last section of this dashboard is the Risk Matrix. Here you can see all the risk information for your finding, such as the CVSS score, DREAD score, WASC category, and so on.

Category Types

  • OWASP Category - The Open Web Application Security Project (OWASP) publishes a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.
  • WASC Category - The WASC Threat Classification is a cooperative effort to clarify and organize the threats to the security of a website. The members of the Web Application Security Consortium have created this project to develop and promote industry standard terminology for describing these issues.
  • CWE Category - The Common Weakness Enumeration (CWE) is a category system for hardware and software weaknesses and vulnerabilities. It is sustained by a community project with the goals of understanding flaws in software and hardware and creating automated tools that can be used to identify, fix, and prevent those flaws.
  • NIST 800-53 Category - NIST 800-53 is a cybersecurity standard and compliance framework developed by the National Institute of Standards and Technology. It is a continuously updated framework that aims to flexibly define standards, controls, and assessments based on risk, cost-effectiveness, and capabilities.

Scoring Types

  • CVSS - The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
  • DREAD - DREAD is a framework that can be used to evaluate and triage various threats by rating them on an ordinal scale. The framework is broken into five main categories: Damage, Reproducibility, Exploitability, Affected Users, and Discoverability.
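As an added illustration of how the two scoring types above can be used together to order findings for remediation (example code written for this page, not part of the Siemba platform), the helper below validates the five DREAD ratings, maps a CVSS base score to its qualitative label, and sorts a constructed list of findings. It assumes the common 1-10 DREAD scale with the score taken as the mean of the five categories, and the CVSS v3.1 qualitative severity bands; neither convention is stated on the page.

```python
"""Triage helper for findings that carry CVSS and DREAD scores (example code, not Siemba's)."""
from dataclasses import dataclass

DREAD_CATEGORIES = ("damage", "reproducibility", "exploitability",
                    "affected_users", "discoverability")

# Assumed: CVSS v3.1 qualitative severity rating scale (upper bound, label).
CVSS_BANDS = ((0.0, "None"), (3.9, "Low"), (6.9, "Medium"), (8.9, "High"), (10.0, "Critical"))


def cvss_severity(score: float) -> str:
    """Translate a numerical CVSS base score into its qualitative rating."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS base score out of range: {score}")
    for upper, label in CVSS_BANDS:
        if score <= upper:
            return label
    return "Critical"


def dread_score(ratings: dict) -> float:
    """Mean of the five DREAD ratings; each must be an integer 1-10 (assumed scale)."""
    missing = set(DREAD_CATEGORIES) - ratings.keys()
    extra = ratings.keys() - set(DREAD_CATEGORIES)
    if missing or extra:
        raise ValueError(f"missing={sorted(missing)} unexpected={sorted(extra)}")
    for name in DREAD_CATEGORIES:
        value = ratings[name]
        if not isinstance(value, int) or not 1 <= value <= 10:
            raise ValueError(f"{name} must be an integer 1-10, got {value!r}")
    return sum(ratings[name] for name in DREAD_CATEGORIES) / len(DREAD_CATEGORIES)


@dataclass
class Finding:
    title: str
    cvss: float
    dread: dict

    def triage(self) -> dict:
        return {"title": self.title, "cvss": self.cvss,
                "severity": cvss_severity(self.cvss), "dread": dread_score(self.dread)}


def remediation_order(findings) -> list:
    """Highest CVSS first, DREAD score as tiebreaker, so the most urgent item is on top."""
    return sorted((f.triage() for f in findings),
                  key=lambda t: (t["cvss"], t["dread"]), reverse=True)


# Constructed sample findings for demonstration only; not from any real report.
SAMPLE = [
    Finding("Reflected XSS in search", 6.1, dict(damage=5, reproducibility=9, exploitability=7, affected_users=6, discoverability=8)),
    Finding("SQL injection in login form", 9.8, dict(damage=10, reproducibility=10, exploitability=8, affected_users=10, discoverability=7)),
    Finding("Verbose server banner", 3.7, dict(damage=2, reproducibility=10, exploitability=3, affected_users=5, discoverability=10)),
]
```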