A checklist is a list of tasks that need to be performed throughout the course of the project.

Checklists are useful when you need to define and track a series of items or tasks, especially in complex projects or projects with manual penetration testing. Checklists provide an easy way to see how far along a project is and whether certain vulnerabilities have been confirmed. You can also use checklists to designate the order in which tasks should be completed.

Resolve has built-in checklists, or you can create your own. You can configure checklists to be added automatically to a new project based on the project type, or you can add checklists manually on a per-project basis.

Checklist tasks and categories

Checklists are divided into tasks and categories. A task is an individual item in a checklist, such as performing a manual test to see if a specific vulnerability exists in an application. A checklist category groups similar tasks together. Tasks are assigned individually to categories in a checklist. There are two kinds of tasks — tasks related to a master finding and tasks that are more general.

The tasks needed in a checklist vary depending on the scope and type of project. Tasks can cover a wide range of items, such as general administration activities, information gathering, or running a type of scan. Tasks can also be associated with a particular master finding for activities that target a specific vulnerability, such as attempting to exploit a cross-site scripting or SQL injection vulnerability.

Tasks in a checklist can include the following, depending on what information is available from the source tool or master finding:
  • Instructions for performing the task
  • Findings, if any, linked to the task
  • Verification instructions for the vulnerability
  • Exploitation instructions for the vulnerability
  • Related instances
  • References
  • Comments added by team members

Figure 1. An example project checklist
  1. A checklist category
  2. Tasks nested in a category

Checklist templates and assigned project checklists

Project checklists are composed of one or more checklist templates. Templates are reusable and typically contain a set of activities to complete for every test. When you assign the checklist template to a project, an instance of that template is created as an assigned, interactive checklist.

You can automatically assign templates to new projects based on the project type. If you make changes to a template, these changes appear in new projects going forward. However, the categories and tasks in currently assigned project checklists are static: if you make changes to the template, the existing checklist in the project remains the same. This way, if a user is working through a checklist, there is no risk of their assigned checklist changing in the meantime.

Once a template is assigned to a project checklist, it can't be removed from the project. If a template is no longer needed, you can mark those items as not applicable and hide them from the project checklist view.