How does the retesting phase work?

The main objective of this article is to explain to organizations how the retesting phase of a vulnerability works at Ethiack, and to clarify the steps to take to request the retesting of vulnerabilities.

Ethiack's aim is to test an organization's assets to identify vulnerabilities and attack vectors that could cause damage to the organization, so that these can be analysed and mitigated in the best way possible.

A vulnerability identified in a particular asset is communicated to the client, who, in an ideal scenario, reproduces it internally with their team members and mitigates it.

At Ethiack, the retesting of any vulnerability can be requested by the organization at any time, bearing in mind that in the case of Human Hacking, the retesting phase lasts 90 days after the reports on the event have been submitted.

How can I request a retest of a vulnerability?

Let's start by saying that Ethiack uses two variants to identify vulnerabilities in organizations' systems: Machine Hacking and Human Hacking.

In Machine Hacking events, the various assets are constantly monitored, including any changes they undergo during the analyses carried out on the organization.

Therefore, when a vulnerability is identified, it will be retested automatically the next time a scan is carried out on the asset and/or vulnerability in question. However, if a vulnerability has already been mitigated by the client, they can request an immediate retest by following these steps:

  1. Click on the vulnerability that you want to retest;
  2. Make sure that the vulnerability has the status "Fixed";
  3. Click on the "Retest" button and the retest should start:

    [Image: retesting]
  4. Wait until the retest is finished; there are two possible outcomes:
    1. The vulnerability is fixed:

      [Image: fixed]
    2. The vulnerability is not fixed:

      [Image: not-fixed]

Human Hacking events take place differently: they are more targeted events, focusing on a defined scope and running for a period of time agreed between the Ethiack team and the organization.

For this reason, retests should be requested via the portal in the case of a few specific vulnerabilities; if they involve a large volume of identified vulnerabilities, they can also be requested via email to the organization's Security Manager, the Ethiack team member who follows up with the organization during the event.

To request a retest of a vulnerability on the portal, follow these steps:

  1. Click on the vulnerability that you want to retest;
  2. Make sure that the vulnerability has the status "Fixed";
  3. Click on the "Retest" button;
  4. Notice that a comment is added in the comments section;
  5. This comment notifies the ethiacker responsible for identifying that vulnerability, who will start retesting it as soon as possible;
  6. If the vulnerability is fixed, the status stays the same and the ethiacker adds a comment stating that the retest is finished;
  7. If the vulnerability is not fixed, or it is possible to bypass the mitigation, the vulnerability returns to the "Triaged" status and a comment explains why it is not fixed or how the mitigation can be bypassed.

Note: In both Machine and Human Hacking events, the retest not only checks whether the mitigation has been successful, but also whether there are any possible bypasses of that specific mitigation, thus making the solution more robust.