Managing complex penetration testing engagements just got a lot easier. Today, we’re excited to announce Subprojects – a powerful new feature that changes how security teams organize and track multi-faceted testing scenarios within PentestPad.
The Challenge: When One Project Isn’t Enough
Modern penetration testing engagements are increasingly complex. A single client assessment might involve:
- Multiple environments (production, staging, development)
- Different testing phases (external network, internal network, web applications, mobile apps)
- Various compliance requirements (PCI DSS, SOC 2, ISO 27001)
- Separate testing teams working on different components simultaneously
Until now, security teams faced a difficult choice: cram everything into a single project and lose organizational clarity, or create multiple separate projects and lose the big-picture view of the engagement.
Introducing Subprojects: The Best of Both Worlds
Subprojects solve this organizational challenge by allowing you to create focused, manageable testing segments while maintaining the cohesive structure of your overall engagement.
Subprojects provide a clear timeline view showing how different testing phases overlap and progress within your main engagement.
Key Benefits
🎯 Focused Scope Management
Each subproject can have its own specific scope, targets, and methodology. Test your client’s web application separately from their internal network, while keeping both under the umbrella of the main engagement.
👥 Team Collaboration
Assign different team members to different subprojects based on their expertise. Your web app specialists can focus on the application testing subproject while network engineers handle infrastructure assessment.
📊 Granular Reporting
Generate detailed reports for individual subprojects or comprehensive reports that span the entire engagement. Perfect for clients who need phase-specific deliverables or executive summaries.
🔄 Flexible Workflow
Start subprojects at different times, run them in parallel, or sequence them based on your testing methodology. The choice is yours.
Real-World Use Cases
Multi-Environment Testing
A financial services client needs testing across production, staging, and development environments. Create subprojects for each environment to:
- Track findings specific to each environment
- Manage different access credentials and testing windows
- Generate environment-specific reports for different stakeholders
Compliance-Driven Assessments
An e-commerce company requires both PCI DSS and general security testing. Use subprojects to:
- Separate PCI-specific findings and remediation
- Maintain compliance audit trails
- Generate targeted reports for payment card industry requirements
Phased Penetration Testing
A large enterprise engagement with external and internal testing phases. Organize with subprojects to:
- Begin with external reconnaissance and testing
- Transition to internal network assessment after initial access
- Track the complete attack chain across both phases
How It Works
Creating and managing subprojects is intuitive:
- Create subprojects either from the Subprojects tab within your parent project, or by selecting a parent project when creating a new project from the main board
- Configure individual scope, team access, and methodology for each
- Track findings, tasks, and progress independently
- Report on individual subprojects or the entire engagement
- Archive completed subprojects while keeping the main project active
The subprojects management interface uses a kanban-style board to track the status of each subproject, from preparing through completion.
Built for Security Professionals, By Security Professionals
This feature emerged directly from feedback from our community of penetration testers and security consultants. We heard consistently that project organization was a major pain point in managing complex engagements, especially for consulting firms handling multiple client requirements simultaneously.
Subprojects integrate seamlessly with PentestPad’s existing features:
- Finding management works across subprojects
- Collaboration tools maintain context within subproject boundaries
- Report generation adapts to subproject structure
- AI Assistant understands subproject context for better recommendations
Available Now
Subprojects are available immediately for all PentestPad users as part of v1.4.20. Existing projects can be organized into subprojects retroactively, and new projects can be structured with subprojects from day one.
Ready to transform how you organize penetration testing engagements? Get Started Today and create your first subproject today.
Have questions about subprojects or other PentestPad features? Reach out to our team at support@pentestpad.com.
