Vulnova

by Risk Associates

Penetration Testing & Security Management

Deliver security engagements with confidence.

Vulnova is an all-in-one platform for penetration testing firms — manage projects, document findings with AI assistance, generate client-ready reports, and deliver a premium client portal experience.

AI-powered findingsCVSS & CWE enrichmentClient portal includedPDF report export
Vulnova — Live Dashboard

E-Commerce Platform Assessment

Web Application · OWASP Top 10

Testing
3 Critical7 High12 Med
AI Screenshot AnalysisComplete
TitleSQL Injection via user_id parameter
SeverityCritical
CVSS9.8 · CVSS:3.1/AV:N/AC:L/PR:N
CWECWE-89 · Improper Neutralisation

Executive Summary

AI narrative · PDF ready

Ready

AI-Generated

Reports

CVSS / CWE

Auto-Enriched

Client Portal

Included

PDF Export

Built-in

Platform Features

Everything your security team needs

From project kickoff to client delivery — every step of the penetration testing lifecycle, in one platform.

Project & Engagement Management

Run penetration testing engagements end-to-end with visual Kanban workflows, phase gating, and milestone control.

  • Kanban phase lifecycle (Kick-off → Final Report)
  • Multi-framework & project type support
  • Client & scope tracking
  • Phase sign-off and advancement controls

AI-Powered Finding Analysis

Upload evidence screenshots and AI extracts the complete vulnerability finding — title, severity, CVSS, CWE, remediation — automatically.

  • Screenshot-to-finding in one click
  • AI CVSS scoring & CWE classification
  • Attack chain correlation across findings
  • AI quality review and rewrite loop

Professional Report Generation

Generate executive summaries, technical risk overviews, and remediation roadmaps using AI narratives. Export client-ready PDFs.

  • 6 AI narrative section types
  • PDF export via WeasyPrint
  • Executive and technical formats
  • Evidence-backed, audit-ready output

Client Portal

Give clients secure real-time visibility into their project status, findings, and report delivery — without email attachments.

  • Role-based client access
  • Live project and phase status
  • Finding detail and severity visibility
  • Secure, permission-controlled access

Continuous Security Monitoring

Track ongoing security posture with orchestrated scanner integrations and AI-powered scan summarisation for PCI compliance.

  • ASV-ready scan orchestration
  • AI scan summarisation
  • Continuous project tracking
  • PCI DSS compliance support

Team & Operations

Manage your security consultancy with granular roles, leave management, and full operational visibility across the organisation.

  • 7 granular role types
  • Leave requests and approval workflow
  • Team allocation and summary view
  • Org-level admin and settings controls

Workflow

From kickoff to client delivery

A structured, AI-assisted workflow that keeps every engagement on track — from scoping to final report.

01

Scope & Kick-off

Define the engagement, assign consultants, and configure project parameters in minutes.

02

Test & Document

Log findings as you test. Upload screenshots and let AI extract the full vulnerability detail.

03

Enrich & Correlate

AI enriches CVSS, CWE, and descriptions. Correlation surfaces attack chains across findings.

04

Generate Report

One click produces an AI-narrated, client-ready PDF with full findings, severity breakdown, and remediation roadmap.

05

Deliver to Client

Clients receive secure portal access to view their findings, report, and project status in real time.

AI Engine — Active
Screenshot Analysis

Upload one or more evidence images. AI describes each, then synthesises a structured finding: title, severity, CVSS, CWE, description, impact, remediation, and exact reproduction steps.

Attack Chain Correlation

Automatically maps how individual findings chain together into multi-step attack paths, surfacing combined risk that single finding reviews miss.

Narrative Generation

Generates executive summaries, risk overviews, key findings, remediation roadmaps, and technical appendices from your finding data in seconds.

Finding Enrichment

Per-field AI suggestions for CVSS scoring, CWE classification, title quality, and remediation guidance — each with a confidence rating and rationale.

AI Engine

AI at every stage of the engagement

Vulnova embeds AI into the critical moments — finding analysis, quality review, correlation, and narrative generation — so your consultants spend more time testing and less time writing.

  • Two-pass screenshot analysis: describe → structured finding
  • Model routing for reasoning, narrative, and fast tasks
  • Attack chain correlation across all project findings
  • AI quality loop with accept / rewrite / dismiss controls

Client Portal

A premium portal your clients will actually use

Stop emailing PDF attachments. Give clients secure, role-based access to their project status, vulnerability findings, and final reports — updated in real time as your team works.

  • Dedicated client login — no consultant access required
  • Role-based permissions: Client Admin, PM, and Member
  • Live project phase and finding severity visibility
  • Report delivery directly in the portal

Project Status

Live & Visible

Findings Access

Role-Controlled

Report Delivery

In-Portal PDF

Client Roles

3 Tier Access

Get Started

Ready to elevate your security practice?

Tell us about your needs — scope, services, and timeline. Our team will review your request and come back with a tailored quote.