Glossary

  • Pentest: A penetration test run with configuration, timing, and reporting.
  • Engagement: A single pentest instance for a specific target.
  • Active Pentest: The live view of ongoing testing activity.
  • Consent: Approval required before testing starts.
  • Scope permissions: Per-URL permissions defining allowed actions (access vs exploitation).
  • Access: Allowed interaction that avoids exploitation.
  • Exploitation: Explicit permission to attempt exploitation steps.
  • Scope discovery: Automatic discovery of additional URLs in scope.
  • Roles/credentials: Accounts or verification links enabling authenticated testing.
  • Finding: A security issue with severity, status, and history.
  • Evidence: Proof of the issue, such as requests, responses, or screenshots.
  • Mitigation: Guidance for resolving the issue.
  • Endpoints: Affected URLs and methods tied to a finding.
  • Risk level: Severity assigned to a finding (informational to critical).
  • New: Initial status for a finding.
  • Accepted: User-confirmed finding for remediation.
  • Fixed: User-confirmed remediation, ready for verification.
  • Rejected: User-marked invalid or not applicable.
  • AI accepted / AI rejected / AI fixed: System-assigned statuses from automated verification.
  • Retest: A follow-up validation that a finding is resolved.
  • Retest log: Live messages shown while a retest is running.
  • Remediation: The page where you review findings, update status, and run retests.
  • Status reason: Required explanation when changing finding status.
  • Show irrelevant: Toggle to include informational, merged, or AI-rejected items.
  • Informational: Low-risk findings that are unlikely to require remediation.
  • AI rejected: A system status for findings the AI deemed invalid.
  • Report type: Selected report output (Executive, Audit, Technical, Full).
  • Report levels: Preset detail levels (Executive, Audit, Technical, Full).
  • Human needed: State where user input is required to continue.