When you enable the Pentested mod for one or multiple asset, you will activate all continuous offensive security checks on that assets, but also all controls designed to gather all metadata and critical information about the target.

These scans are launched continuously and will evaluate continuously new paths, new functions, and new potential entry points on the pentested application and related infrastructure.

Then, Qualified Vulnerabilities could appear at any time (it could be 1 week, 1 month, even 1 year after the asset has been set in pentested mod, depending on how the application moved, and potential new exploitation technics etc).

However, we consider that the “first results” of our automation (first qualified vulnerabilities, after setting an asset in Pentested mod, all risk insights) appears in an average time of 2 weeks, the time all security checks have been launched at least once.