Run 1-Click Verify¶

1-Click-Verify enables you to quickly and conveniently schedule a pentest to verify that specific weaknesses have been remediated. This supports and helps to facilitate the Find-Fix-Verify loop.

How Does It Work?¶

1. Select the Weaknesses¶

Under the Weaknesses tab, we've added a 1-Click-Verify functionality to all weaknesses that are 1-Click verifiable. Note that not all weaknesses are 1-Click verifiable. 1-Click verifiable weaknesses are those that can be reliably verified even when the pentest scope is limited to only a single host or set of hosts affected by the weakness. Weaknesses that require complex chains involving multiple hosts and credentials would not be considered 1-Click verifiable.

If a weakness is 1-Click verifiable, you will see a check box on its row. Select the check boxes for all the 1-Click verifiable weaknesses that you want to include in your 1-Click Verify run.

The take action drop-down - showing the number 3 to indicate how many items were selected.

2. Verify the Weaknesses¶

Once you have selected all the weaknesses you would like to test, click Take Action and select 1-Click Verify from the submenu.

"Take Action" drop-down opened to reveal "1-Click Verify" option.

3. Run 1-Click Verify Pentest¶

In the resulting modal, you can remove any previously added weaknesses, select the Runner you want to use for the test, and acknowledge the configuration settings. All settings are carried over from the original pentest that discovered these weaknesses.

Once you are ready to kick off the 1-Click Verify test, select the confirmation check box, then click the Run Pentest button.

1-Click Verify Pentest modal, showing confirmation check box selected – this is required to proceed.

4. Check the Results¶

The newly scheduled 1-Click Verify pentest appears in the Pentests list with its own record. Its name defaults to 1-click verify for weakness CVE-XXXX-XXXX.

When the 1-Click Verify pentest completes, the tested weaknesses should no longer appear in the results. In most cases, this indicates that remediation was successful. However, from a testing perspective, the only definitive statement we can make is that NodeZero did not rediscover the weakness during this verification run.

Pentests table showing a 1-Click Verify pentest, labeled with the words '1-click verify for' and a weakness ID.

Why Run a 1-Click Verify Test?¶

A common usage pattern is to first run a full-scope pentest across your environment to identify weaknesses across many hosts. Remediation work then begins with the highest-priority issues. When you are ready to validate specific fixes, 1-Click Verify allows you to narrow the scope of a follow-up pentest to only the hosts associated with the selected weaknesses. Because of this smaller scope, the verification pentest typically completes significantly faster than the original full-scope test. This enables rapidly confirmation of your remediation results, supporting an efficient Find–Fix–Verify cycle.

What Problem Does It Solve?¶

Rapid, targeted verification of your remediation efforts enables you to make incremental and verifiable progress toward the goal of eliminating weaknesses and improving the security posture of your network.

1-Click Verify can be a fast path to verifying and documenting the corrections you've made during a compliance audit, such as a PCI DSS (Payment Card Industry Data Security Standard) audit. Once you've verified that your remediation is complete, simply download the 1-Click Verify report as evidence to submit to your assessor.