Methodology Library
The Methodology Library is the customer-readable account of how Pentestas tests for every vulnerability class. Each entry covers:
- How Pentestas tests for this — the actual detector files involved, with the oracle each uses.
- Payload classes — what categories of payloads the platform sends and what each is looking for.
- Detection signals — the specific response shapes / behaviours the detector confirms.
- Common false positives — the patterns we suppress and the specific heuristic that does the suppressing.
- Remediation — the fix in plain English plus a defense-in-depth paragraph.
- Related techniques — adjacent classes that share root cause or commonly chain with this one.
Why this matters
Vendor pentest reports usually hand-wave at methodology with phrases like "we used industry-standard tools". When a SOC 2 / PCI / FedRAMP auditor asks "show us how you tested for IDOR", the answer needs to be a versioned document, not a sales-deck slide.
Every Pentestas finding links to the methodology document the platform followed to produce it. Auditors read the doc, customers read the doc, our LLM analyst reads the doc when reasoning about a finding — one source of truth across all three audiences.
How to access
Two entry points:
- Tools → Methodology Library — searchable grid of every skill the platform has authored. Filter by title, vuln type, CWE, OWASP category, MITRE technique, or plan tier.
- Per-finding — every finding-detail drawer shows a "How Pentestas tested for this" card when the finding's vuln type maps to a skill. Click through for the full methodology without leaving the finding.
Currently covered classes
- SQL Injection (covers SQLI + NoSQL injection)
- Cross-Site Scripting (reflected, stored, DOM)
- Server-Side Request Forgery (SSRF, OAST, body SSRF)
- Insecure Direct Object Reference (IDOR, BOLA, BFLA)
- Cross-Site Request Forgery (CSRF, with the exploitability gate)
- Authentication & Authorisation Bypass (default credentials, path canonicalisation, OAuth bypass)
- JSON Web Token vulnerabilities (alg confusion, weak HMAC, kid injection, expired-token acceptance)
- Path Traversal
- OS Command Injection
- File Upload Vulnerabilities
- Mass Assignment
The library grows continuously — once a new skill is added, it appears in the catalog on the next catalog request, with no redeploy needed.
Custom skills (enterprise)
Enterprise tenants can author tenant-specific methodology docs (e.g. "how we test our bespoke SSO flow") and drop them in their tenant config directory. The platform surfaces them in the catalog scoped to your tenant, and the LLM analyst loads them as additional methodology context when reasoning about findings on your engagements.
API access
- GET /api/skills — compact catalog
- GET /api/skills/{id} — full methodology body
- GET /api/skills/for-vuln-type/{type} — lookup by a finding's vuln type