What security risks appear between penetration tests?

Between annual penetration tests, new vulnerabilities are introduced through code deployments, infrastructure changes, third-party service integrations, and newly discovered CVEs affecting software versions in use. New subdomains are created and not decommissioned. Configuration drift occurs as teams make changes without security review. These changes accumulate over 11 months with no visibility.

How does VeilScan detect regressions between pentests?

VeilScan's delta reports compare each scan to the previous scan and highlight new findings — vulnerabilities detected now that were not present before. This surfaces security regressions introduced since the last scan, regardless of whether they were introduced by a code change, infrastructure change, or a newly published CVE.

Does VeilScan replace the annual penetration test?

No. A penetration test is a manual, human-led assessment that goes deeper and wider than automated scanning. It tests business logic, internal systems, and chained attack scenarios that automated tools cannot fully replicate. VeilScan is an external-only automated scanner. The two serve different purposes and are most effective in combination.

Use Case

VeilScan Between Penetration Tests: Fill 11 Months of Blind Spots

Quick Answer: A penetration test runs once a year and produces a snapshot. Between tests, teams deploy new code, change infrastructure, and introduce new vulnerabilities — none of which the annual pentest sees. VeilScan runs continuously on a weekly or monthly schedule, detecting regressions between tests and sending Slack alerts when new Critical or High findings appear. It covers the 11 months a pentest cannot.

Why does an annual penetration test leave gaps?

An annual penetration test gives you a detailed picture of your security posture on the day of the test. It is high-quality, manual, and goes deep. But it has one fundamental limitation: it is a point in time.

In the 11 months that follow, your engineering team ships hundreds of deployments. New services launch. Infrastructure changes. Third-party integrations are added. Configuration is adjusted. Every one of these changes can introduce new vulnerabilities that the penetration test never saw. By the time the next annual test runs, the security picture may look very different from what it found the year before.

Many real-world breaches occur at companies that run annual penetration tests — because the breach exploited a vulnerability introduced after the last test and before the next one.

How does VeilScan monitor security between pentests?

VeilScan runs the full external scanning pipeline on a scheduled cadence — weekly on the Pro plan, monthly on Starter and Core. Each rescan:

Rediscovers all subdomains (catching newly created assets)
Scans all discovered hosts for vulnerabilities
Verifies Critical and High findings with proof evidence
Produces a delta report showing what changed since the last scan

When a new Critical or High finding is detected, a Slack alert fires immediately — before the full report is ready. This means your team learns about a serious new exposure within minutes, not at the next quarterly security review.

How do VeilScan and a penetration test work together?

VeilScan and a manual penetration test are complementary, not competing:

The penetration test covers depth — internal systems, business logic, human creativity, manual chaining of complex attack paths
VeilScan covers breadth and continuity — external attack surface monitored continuously, regressions caught within the deployment window

A common pattern: run the annual penetration test in Q1. Use VeilScan continuously throughout the year. Use VeilScan delta reports to track remediation of pentest findings over time. Use VeilScan's compliance mapping for evidence submissions between annual tests.

See: VeilScan vs Manual Penetration Testing · Continuous Monitoring feature

What types of regressions does VeilScan catch between pentests?

Common between-pentest regressions that VeilScan detects include:

New subdomains created for staging or feature branches and not decommissioned after the release
Exposed .env files or secrets introduced in a deployment
TLS certificates that expired after the pentest ran
DMARC or SPF records changed or removed during an email migration
New cloud storage buckets misconfigured as public
Third-party service integrations creating new open ports or service exposure
New CVEs published against software versions in use, making previously safe findings now Critical

What are the most common questions?

Can VeilScan verify that pentest findings have been fixed?

Yes. If a finding from your annual penetration test is detectable by external scanning, VeilScan's next scheduled scan will either confirm it is still present (appearing in the current scan results) or confirm it is fixed (absent from results, and marked as fixed in the delta report). This provides independent verification of remediation without waiting for the pentest firm's re-test engagement.

How do I share VeilScan monitoring evidence with my pentest provider?

Download the PDF report from your dashboard. PDF reports include the scan date, scope, and full finding list. Sharing these with your pentest provider before the annual test gives them context on the current state of your attack surface, which can help them focus their time on areas VeilScan's automated scanning cannot reach.

What if my pentest provider already does continuous scanning?

Some penetration testing firms offer continuous scanning as an add-on service. If your provider already covers this, evaluate whether their external scanning coverage and reporting format meets your needs. If you are comparing options, see Best Attack Surface Management Tools for Startups for a feature and pricing comparison.

Cover the months your pentest cannot. Start with a free scan to see your current external exposure — no credit card required. Start your free scan → · View all plans