Overview
Red team assessments are MindFort’s advanced penetration testing service that goes beyond traditional vulnerability scanning. These assessments simulate real-world attack techniques to identify exploitable vulnerabilities with concrete proof-of-concept evidence.
Starting a New Assessment
Quick Start Method
1. Click New Assessment
   Use the “New Assessment” button in the left sidebar for instant access.
2. Select Target
   Choose a verified target (website/domain) from the dropdown list.
3. Choose Method
   - Turbo: Fast scanning, ideal for regular monitoring
   - Balanced: Middle ground between speed and depth
   - Deep: Comprehensive testing for major releases
4. Optional: Add Authentication
   Expand “Authentication Credentials” to select stored login credentials for deeper testing of authenticated areas.
5. Start Assessment
   Click “Start Assessment”. If additional credits are required, confirm to proceed.
Assessment Methods
| Method | Speed | Best For | Credits |
|---|---|---|---|
| Turbo | Minutes to 1 hour | Daily/weekly monitoring, CI/CD integration | 1 credit |
| Balanced | 1-2 hours | Regular security checks, sprint cycles | 2 credits |
| Deep | Several hours | Major releases, quarterly audits, compliance | 3+ credits |
Turbo
Fast, efficient scanning optimized for regular use. Provides 75th percentile OWASP Top 10 coverage with single-pass analysis. Ideal for continuous monitoring and catching issues early.
Balanced
Middle ground between speed and thoroughness. Uses enhanced models with additional analysis passes. Good for regular security validation without the time investment of Deep mode.
Deep
Comprehensive multi-pass analysis with larger models and extended time on target. Discovers edge cases, complex attack chains, and business logic flaws that faster modes might miss.
Scheduling Recurring Assessments
For automated, regular security testing:
1. Enable Scheduling
   From the New Assessment form, toggle “Enable Scheduling”.
2. Configure Schedule
   - Schedule Name: Optional friendly name
   - Frequency: Daily, weekly, or monthly
   - Time: When assessments should start
   - Timezone: Your preferred timezone
   - Method: Turbo, Balanced, or Deep
3. Save Schedule
   The system will automatically start assessments at the configured times.
Why Regular Assessments Matter
MindFort learns your application with each assessment, becoming more effective over time. Unlike traditional pen tests that start fresh each engagement, MindFort builds knowledge about your specific app—its structure, authentication flows, and vulnerability patterns.
Recommended Frequency: Weekly for active development, bi-weekly for stable apps, monthly at minimum. Run 2-3 assessments when first adding a target to build initial knowledge.
Monitoring Active Assessments
Active Assessments Page
Track ongoing security tests:
- Status Indicators:
  - Running: Assessment is actively scanning
  - Queued: Waiting for resources to become available
  - Pending: Scheduled but not yet started
- Assessment Details:
  - Target: Which application is being tested
  - Start Time: When the assessment began
  - Method: Turbo, Balanced, or Deep
  - Progress: Real-time status updates
Assessment Status Screen
Click any assessment to view detailed progress:
- Real-time scanning progress
- Discovered vulnerabilities as they’re found
- Exploitation attempts and results
- Estimated completion time
Managing Assessment History
Reviewing Past Results
Visit Assessment History to explore completed tests:
- Filter Options:
  - Source: Filter by domain or repository
  - Type: Red Team assessments (Code and Runtime coming soon)
  - Date Range: Specific time periods
  - Status: Completed, failed, or cancelled
- View Details: Click any assessment to review:
  - Executive summary of findings
  - Detailed vulnerability reports
  - Exploitation evidence and proof-of-concept
  - Remediation recommendations
Assessment Comparison
Compare results across time periods:
- Track improvement in security posture
- Identify recurring vulnerability patterns
- Monitor remediation effectiveness
- Document compliance progress
How Assessments Work
Each assessment runs in three phases: Discovery (mapping your application), Vulnerability Testing (testing 13 vulnerability categories in parallel), and Validation (confirming findings and updating status). For detailed technical information, see Assessment Workflow.
Understanding Results
Red Team Findings Include
- Exploitation Evidence: Screenshots showing successful attacks
- Proof-of-Concept: Working exploit code and payloads
- Attack Chains: How multiple vulnerabilities combine
- Business Impact: Clear explanation of potential damage
- Remediation Steps: Specific guidance to fix issues
- Retest Status: Confirmation of whether vulnerability still exists
Severity and Exploitability
Severity Levels
- Critical: Immediate business risk requiring urgent attention
- High: Significant security issues needing prompt action
- Medium: Important issues to address during regular maintenance
- Low: Minor issues to resolve when convenient
- Info: Informational findings for security awareness
Exploitability Ratings
- Exploitable: Confirmed working exploit, high risk to business
- Potentially Exploitable: May be exploitable based on configuration
- Non-Exploitable: Detected but unlikely to be abused
- N/A: Not applicable or couldn’t be determined
Assessment Management
Cancelling Running Assessments
If you need to stop an assessment:
1. Open Active Assessments
   Navigate to the Active Assessments page.
2. Locate Assessment
   Find the assessment with status Running, Queued, or Pending.
3. Cancel Assessment
   Click “Cancel”. The system will stop at the next safe checkpoint.
Credit Management
Assessments consume credits based on:
- Method chosen: Deep assessments use more credits
- Target complexity: Larger applications require more resources
- Authentication depth: Authenticated scans consume additional credits
- You’ll be prompted before the assessment starts
- Upgrade your plan or purchase add-ons in Billing
- Contact your admin to manage organization credits
Best Practices
Assessment Timing
- Production Systems: Schedule during low-traffic periods
- Staging Environments: Test after deployments or changes
- Regular Cadence: Monthly deep scans with weekly turbo monitoring
- Pre-Release: Always assess before major releases
Authentication Strategy
- Dedicated Test Accounts: Use separate credentials, not personal accounts
- Appropriate Permissions: Ensure test accounts can access relevant features
- Credential Rotation: Regularly update stored authentication details
- Multiple Roles: Test with different permission levels when relevant
Result Management
- Immediate Review: Check critical findings as soon as assessments complete
- Team Collaboration: Share results with development and security teams
- Remediation Tracking: Document fixes and validate with follow-up scans
- Executive Reporting: Use findings for stakeholder security updates
Troubleshooting
Assessment Won’t Start
Possible Causes:
- Target not verified - check target status
- Insufficient credits - upgrade plan or purchase add-ons
- Firewall blocking - whitelist MindFort IP addresses
- Invalid credentials - verify stored authentication details
Assessment Stuck in Queue
Solutions:
- Cancel and restart the assessment
- Check system status page for platform issues
- Verify target is accessible from external networks
- Contact support if delays persist beyond expected times
Poor Assessment Coverage
Improvements:
- Add authentication credentials for deeper testing
- Ensure target is the correct URL (not redirecting)
- Use Deep method instead of Turbo for thorough coverage
- Whitelist scanning IPs to prevent firewall interference
- Verify target represents the actual application architecture
No Findings After Assessment
Considerations:
- This may indicate a well-secured application
- Verify the correct target was assessed
- Consider authenticated scanning for additional coverage
- Review assessment logs for any access issues
- Try Deep method for more comprehensive testing