FAQ¶
What permissions should I grant?¶
Grant Access by default. Enable Exploitation only where explicitly approved.
What happens after I click Start Pentest?¶
Testing starts immediately. Progress appears in Active Pentest and findings show up in Remediation as they are discovered.
Can I pause a pentest?¶
Yes, you can pause and continue without losing state.
How do I provide credentials?¶
Use dedicated test accounts or a verification URL.
Why do I need a post-login verification URL?¶
It confirms a successful login and helps SQUR test authenticated areas.
Who can change finding status?¶
Users can update finding status in Remediation and must provide a reason.
What does the New status mean?¶
New findings are automatically verified for duplicates and reproducibility. SQUR may set them to AI accepted or AI rejected.
When should I mark a finding as Fixed?¶
After you deploy a fix and are ready for SQUR to verify it with Retest.
What does Rejected mean?¶
Use Rejected when a finding is not applicable or is a false positive.
How do I retest a single finding?¶
Open the finding in Remediation and click Retest. The Retest Log shows progress.
Can I export a finding?¶
Yes. Use the Markdown export from the finding details panel.
Can I download a PDF report?¶
Yes. Choose a report level and export as PDF from the Report page.