Pentesting

Scheduled Pentests

Set up recurring pentests on a daily, weekly, biweekly, or monthly schedule to maintain continuous security coverage.

Why Schedule Pentests?

Scheduled pentests provide continuous security coverage without manual intervention. By testing your applications on a regular cadence, you catch new vulnerabilities introduced by deployments, configuration changes, or newly disclosed CVEs before attackers do.

Setting Up a Schedule

  1. Navigate to the target you want to schedule.
  2. Click the Schedule tab.
  3. Choose a frequency:
    • Daily — runs once every 24 hours.
    • Weekly — runs once per week on a day you choose.
    • Biweekly — runs once every two weeks.
    • Monthly — runs once per month on a date you choose.
  4. Select the pentest package for scheduled pentests.
  5. Set the preferred time (in UTC).
  6. Click Save Schedule.

Tier Requirements

Scheduled pentests are available on the Launch tier and above. Pay-per-pentest users can run on-demand pentests but cannot configure recurring schedules. Upgrade to Launch to unlock this feature.

How It Works

APVISO's scheduler checks for due pentests every minute. When your schedule fires:

  1. A pentest is automatically created with your configured package.
  2. The system verifies license status, target allowance, runner heartbeat, and available concurrency before queuing the scheduled pentest.

All scheduled pentests appear in your normal pentest history with a scheduled badge.

Managing Schedules

You can pause, modify, or delete a schedule at any time from the target's Schedule tab. Pausing a schedule preserves its configuration without running pentests.

Notifications

When a scheduled pentest completes, you receive a notification (email, Slack, or webhook depending on your preferences) with a summary of findings. If new critical or high-severity vulnerabilities are discovered, the notification is flagged as urgent.

Best Practices

  • Run weekly pentests on production applications and daily pentests on staging environments that receive frequent deployments.
  • Use Launch Review for scheduled pentests to balance depth and runtime.
  • Monitor runner health and concurrency so scheduled pentests have capacity to start.
  • Combine scheduled pentests with CI/CD-triggered pentests via the API for maximum coverage.
Back to Knowledge Base