🚥Retesting

What is included, and how to book a retest.

The goal for many clients is to remediate reported vulnerabilities, have the remediation validated, and obtain evidence that they have done so for any stakeholders, auditors, or customers. Depending on the size of the report and availability, we can typically support retesting within two weeks of the request. For maximum flexibility, if you have a tight timetable, please let us know your ETA for remediation completion as soon as you have one so that we can schedule a retest date.

A retest covers the previously reported vulnerabilities only; it does not aim to identify new vulnerabilities (unless new vulnerabilities arise as a direct result of remediation). Depending on your internal SLAs and timelines, you can retest all vulnerabilities or only a subset, e.g. high or critical severity vulnerabilities. If you are retesting a subset of vulnerabilities, please provide Software Secured with a list of the specific unique issue IDs that require retesting before the retest date. Additionally, it is advised to confirm whether the retesting is occurring within the same environment and with the same accounts as the initial test, or in a new environment.

Upon completion of retesting, Software Secured will provide an updated report with the status of the vulnerabilities. Should some vulnerabilities not be effectively fixed, this will be indicated in the updated report with supporting comments or evidence. To validate revised remediation, Software Secured can support a maximum of 3 rounds of retesting for Pentest 360, 1 round of retesting for Pentest Essentials, and unlimited retesting for PTaaS. This is subject to schedule availability. Additional retesting may be possible for an additional fee.

How to book a retest:

  1. Navigate to the "Vulnerabilities" tab.

  2. In the "Vulnerabilities" section of your desired project, select all vulnerabilities that you would like to request a retest on.

  3. Then, click "Book a Retest" from the button options on the top right.

  4. This will add the vulnerabilities to your retesting round. To view and submit your retest round, click on the retest round icon.

  5. A modal will appear with the details of the items in your retest round. You can navigate back to the vulnerabilities table and add more items to the retest round with the "Add to Retest" button. If you have any notes about the issues to retest or the retest environment, you can include them in the note field. Submit your retest batch by using the "Submit Request" button at the bottom of the modal.

Following a re-test, the status of your vulnerabilities may change. You will receive a notification by email and/or Slack every time new results are available for your project(s) in Portal. The vulnerability status will change to "Updated" and the "Last updated" date will also change to the date of the most recent re-test.

If a known vulnerability has been successfully remediated, it will no longer be listed in Portal and the SLA status will change to "Compliant."

If the issue remains unresolved, the SLA status will not change, as the SLA policy begins on the date that the vulnerability was first found.
