CyTech AQUILA - Virtual Penetration Testing (Module)
Overview:
Virtual penetration testing is a controlled, authorized simulated attack on an organization’s systems that’s performed remotely (often against virtualized, cloud, or networked environments) to discover security weaknesses before malicious actors do.
Key Features:
- Dashboard - shows overall asset status, recurring vulnerabilities, trends, and recent scan results.
- Scan - lets users run different penetration tests, set scope, schedule, and monitor progress.
- Reports - provide summarized findings with severity, remediation guidance, compliance mapping, and export options.
Step 1: Log in to CyTech – AQUILA. https://usdc.cytechint.io/
Step 2: In the left side panel, you can see the list of six (6) domains, kindly choose and click the Risk Management (Domain) -> Virtual Penetration Testing (Module) -> Dashboard (Sub Module)
"Dashboard (Sub-module)" - Virtual Penetration Testing (Module)
The Virtual Penetration Testing Dashboard provides an overview of asset status, highlights top recurring vulnerabilities, shows trends of detected and open vulnerabilities over time, and lists recent scans with their progress and completion status.
Uses of Dashboard Sections (1–6)
- Asset Status - hows the overall security health with a reminder to review and address vulnerabilities.
- Managed Vulnerabilities - displays the total accepted or mitigated issues to track resolved findings.
- Top Recurring Vulnerabilities - lists repeated issues such as CSP misconfigurations and missing cookie attributes, categorized by severity.
- Detected Vulnerabilities Over Time - graph tracks vulnerabilities across recent days, broken down by severity levels.
- Recent Scans - table shows the last tests performed, including their targets, scan types, progress, and status.
- Open Vulnerabilities - chart provides a line trend of unresolved risks over a selected time frame.
1. Asset Status
This section is the Asset Status view for monitoring asset vulnerabilities. It shows the overall asset risk level, the specific target being assessed, and its average risk rating based on scans. A detailed list of detected vulnerabilities is displayed, including the issue name, affected target, severity level, and the scan tool used. It also includes options to search, filter, and navigate through multiple pages of vulnerabilities, giving both a high-level risk score and a detailed breakdown of findings for remediation.
2. Managed Vulnerabilities
This section will show you the risk that were reviewed and accepted based on organization risk appetite and mitigated risk, risks that have been addressed through remediation task. The search box in this section is designed to help users quickly locate specific vulnerabilities or scan results. It is paired with a filter option that allows narrowing results based on scan type (such as NMAP, OpenVAS, OWASP ZAP, or SSLyze) and selected targets. This makes it easier to focus on particular findings, streamline analysis, and avoid manually going through long vulnerability lists.
3. Top Recurring Vulnerabilities
This section displays the top recurring vulnerabilities, listing repeated security issues along with their severity and the last time they were detected, helping to identify and prioritize persistent risks.
4. Detected Vulnerabilities Over Time
This section displays the trend of detected vulnerabilities over time, categorized by severity levels such as critical, high, medium, and low risks. It helps visualize how vulnerabilities are distributed and monitored across different dates.
5. Recent Scans
This section shows the most recent scans performed, including the scan type, target, creation date, progress, and status. It helps track completed scans and ensures all tests were successfully executed.
6. Open Vulnerabilities
This section displays the trend of open vulnerabilities over a selected time frame, categorized by severity levels such as critical, high, medium, and low risks. It helps monitor unresolved security issues and track their persistence over time.
" Scan (Sub-module)" - Virtual Penetration Testing (Module)
TheThis module serves as the Scans moduledashboard, provideswhere ausers centralizedcan view ofand manage all security scans, allowing users to track their status and findingsscans in one place. It includesdisplays adetails search bar for quickly locating specific scans and filter options to refine results by scan type (such as NMAP, OpenVAS, OWASP ZAP, or SSLyze) or by target. Each scan cardtype, displays key details like the target URL,target, last completed date, recurrence, next run, scanand current status, andalong associatedwith risksa risk summary categorized byinto severity (Critical, High, Medium, Low).and Low. Users can alsosearch, filter, or view running scans for easier tracking, and createthe New Scan button allows quick creation of a new ones using the available controls, making it easier to organize, monitor, and manage all scan activities efficiently.test.
When you click View Report on the Scan, a small window titled View Report will appear, allowing you to download the file.
New Scan
This New Scan section is the first step in creating a new scan, where you select the type of security test to run. You can choose from categories like Network, Web Application, or API Penetration Testing. For Network Penetration Testing, options include NMAP (TCP port scan), OpenVAS (vulnerability scan), and Nmap UDP (UDP port scan). A progress bar shows the steps—Select Scans, Select Targets, Configure, and Review—while the Selected Scan counter and navigation buttons help you track and move through the process.
Network Penetration Testing
Web Application Penetration Testing
API Penetration Testing
1. Search Bar - Allowing you to look specific scans.
2. Filter - Allows users to refine and organize scan results based on specific criteria. You can filter by scan type (e.g., NMAP, OpenVAS, Nmap UDP, OWASP ZAP, SSLyze) or by target URL/domain to quickly locate relevant scans. The options Apply Filters and Clear Filter provide flexibility—either narrowing down results to the chosen criteria or resetting the view to show all scans. This makes it easier to manage and review scans without manually searching through the entire list.
