Introducing CVSS v3.1, CVE, and CWE Improvements in PlexTrac

A New Scoring Calculator, Added Data Fields, and Enhanced Data Imports

What part of a standard engagement do pentesters dread the most? Chances are it’s the reporting: gathering mountains of data from pentesting activities, different vulnerability scanners, notes and screenshots, and trying to cram it all into a comprehensible report that simultaneously covers every issue while also ensuring it is simple and easy-to-approach for the client. It can take days or even weeks to get everything documented correctly, and if the remediation suggestions aren’t communicated clearly, then the entire engagement comes to nothing — the pentest team might get called back the next year and find the exact same weaknesses that they pointed out the year before.

One of the best ways to give your client direction is by providing them with a comprehensive report (delivered via PDF or online client portal) that helps your client prioritize remediation efforts and gain a deeper understanding of their organization’s security posture.

But developing a detailed and comprehensive report with scoring and categorization data can be time-consuming and painful. There’s the hassle of hunting down vulnerability scores and exploit IDs (we’ll get more into that in a minute), and then carefully copying and pasting them in the relevant report sections. We all know the hazards of copy and paste: pasting info in the wrong cell, missing repeats in the report, and dozing off during all the monotony. It is also inconvenient to track risk scores and identifier data using manual methods like spreadsheets and Word documents that just add more time and complications to the reporting process.

PlexTrac is the solution to this headache!

Scoring and Identifier Features

PlexTrac is pleased to announce the release of the CVSS v3.1 calculator and the addition of CVE and CWE data fields across the PlexTrac platform.
This feature will help make reporting and remediation efforts even quicker and easier.

CVSS is owned by FIRST and used by permission. This calculator is based on the official FIRST CVSS documentation.

You can now handle all CVSS v3.1 calculations, including environmental and temporal calculations, inside of PlexTrac. In addition, there are new fields for CVE and CWE data that will streamline workflows. With these new features you can:

1. Improve Focus: Guide your clients’ attention right where it needs to be, and help them focus on the most critical vulnerabilities.
2. Boost Efficiency: Use PlexTrac’s built-in CVSS v3.1 calculator to assign severity scores and enhanced integrations to populate scoring and identifier data fields – no need for outside research, copying-and-pasting, or piecemeal editing as you go.
3. Optimize Visibility: Sort and filter tables and analytics by CVSS, CVE, and CWE data to take your reporting analysis to a deeper level and give your clients more meaningful results.

Vulnerability Scoring with the CVSS v3.1 Calculator

PlexTrac now offers a full CVSS v3.1 calculator that quickly determines the vulnerability scores for each finding you uncover during the pentest. This calculator enables accurate and transparent scoring of vulnerabilities, offering environmental and temporal scoring adjustments using calculations that can be easily calibrated to best serve your report and your client’s needs.

The CVSS scoring data is now in tables and analytics across the platform, giving users the ability to sort and filter by risk scores. Other scoring framework options are still available in the platform, and all scoring data can be overridden if necessary.

Vulnerability Categorization with CVE and CWE Identifiers

CVE and CWE identifiers provide another tool for security analysts to quickly understand vulnerabilities, giving them quick access to documentation and remediation solutions.
PlexTrac offers associated fields with each vulnerability finding for CVE and CWE IDs, and gives you the ability to display, sort, and filter findings by their CVE and CWE identifiers.

Enhanced Import Data from Integrations

Chances are good that the vulnerability scanners that you use in your engagements have CVSS, CVE, and CWE fields associated with their findings. PlexTrac’s wide range of vuln scanner integrations helps your pentesting team to import all of their findings, ensuring a seamless compilation and organization of vulnerabilities.

With the new implementation of scoring and identification data fields, all PlexTrac integrations have been standardized to consistently import CVSS, CVE, and CWE data, reducing manual copying and pasting and optimizing reporting workflows.

Happy Pentesters, Happy Clients

PlexTrac’s new functionality makes the reporting process smoother, easier, and quicker than ever before. Your pentesting team can upload, organize, edit, and view CVSS scores and CVE and CWE identifiers to create an improved analysis of the pentest engagement and produce a persuasive report for your client.

But this feature doesn’t only benefit the pentester. Your client will also enjoy the benefits it provides. Your client directly benefits from this feature in the reporting and remediation stage of the engagement: PlexTrac’s reporting tools, with the new CVSS v3.1 calculator, provide your client a clear presentation of existing vulnerabilities, with associated severity, linked to the CVE and CWE information they need to immediately begin remediation. Other features of PlexTrac’s reporting, such as the ability to include code samples, screenshots, and videos from the pentest, will provide supporting information as your client progresses through the list of risks.

PlexTrac’s features can offer a better pentesting experience for everyone involved: easier data integration, safer editing, faster reporting, clearer guidance, and a better path to successful remediation.

If you’re ready to give your pentesting team and your clients the benefit of seamless, easy reporting with PlexTrac, book a demo today!