Retesting Findings - apviso [APVISO](/)Product Resources Developers Company [Pricing](/#pricing)[Partners](/partners)[Enterprise](/enterprise) [Login](/login)[Start free pentest](/register?intent=free-local-pentest) [Login](/login)[Start free](/register?intent=free-local-pentest) [Home](/)[Knowledge Base](/docs)Retesting FindingsPentestingRetesting Findings ================== How to verify that vulnerabilities have been fixed by running targeted retests against specific findings. What Is a Retest? ----------------- After you remediate a vulnerability, you want confirmation that the fix is effective. A retest runs a focused pentest that only targets the specific findings you select, rather than retesting the entire application. How to Request a Retest ----------------------- 1. Navigate to the pentest's **Findings** tab. 2. Select one or more findings you have fixed by checking the boxes next to them. 3. Click **Retest Selected**. 4. Confirm the retest. APVISO will verify the fixes. You can also retest a single finding by clicking the **Retest** button on the finding detail page. Retest Statuses --------------- Each retested finding receives one of the following statuses: - **in\_progress** — the retest is currently running. - **fixed** — the vulnerability could not be reproduced. The original finding status is updated to `fixed`. - **not\_fixed** — the vulnerability is still present. The finding remains in its previous status and the retest includes updated evidence. Retest Runtime -------------- Retests are targeted and shorter than full pentests. In BYOK self-hosted mode, they use your runner capacity instead of runner capacity and model-provider usage. Best Practices -------------- - Fix all related findings before retesting to minimize the number of retest cycles. - Make sure your fix is deployed to the same environment (URL) that was originally tested. - If using authenticated pentesting, verify that the runner-local auth file still contains valid credentials. - Review the retest evidence carefully — a finding marked `not_fixed` includes updated request/response pairs showing what the agent observed. Retest History -------------- Every retest is logged on the finding detail page. You can see the full history: when each retest was run, what the result was, and what evidence was captured. This history is valuable for demonstrating remediation progress during audits. ### Related Articles [Understanding Findings What severity levels mean, how findings are structured, and how to interpret CWE/CVE references and compliance mappings.](/docs/understanding-findings)[Managing Finding Status Track remediation progress using the finding status workflow — from open through to fixed, accepted risk, or false positive.](/docs/managing-finding-status)[License Usage How self-hosted license state, runner health, and target visibility control pentest starts.](/docs/license-usage) [Back to Knowledge Base](/docs) [APVISO](/)Autonomous AI-powered penetration testing for modern web applications. Subscribe [](https://github.com/apviso)[](https://x.com/Apviso_com)[](https://www.linkedin.com/company/apviso/) [![Featured on Good AI Tools](https://goodaitools.com/assets/images/badge.png)](https://goodaitools.com/ai/apviso) Product - [Features](/#features) - [Pricing](/pricing) - [Integrations](/integrations) - [Benchmarks](/#compare) - [Affiliate Program](/affiliate) - [Partners](/partners) - [Enterprise](/enterprise) Resources - [Blog](/blog) - [Use Cases](/use-cases) - [Glossary](/glossary) - [Comparisons](/comparisons) - [Alternatives](/alternatives) - [Compliance](/compliance) - [Vulnerabilities](/vulnerabilities) - [Industries](/industries) - [OWASP APTS](/trust/apts) Developers - [Knowledge Base](/docs) - [API Reference](/docs/api) - [MCP Server](/docs/mcp) Company - [About](/about) - [Contact](/contact) - [Status](https://status.apviso.com) - [Privacy Policy](/legal/privacy) - [Terms of Service](/legal/terms) © 2026 APVISO. All rights reserved.