Don’t Trade Quality for Speed in Your Pentest Reporting

Automate with PlexTrac to build better reports faster

PlexTrac’s Founder and CTO Dan DeCloss sat down with Caleb Davis, Senior Manager of Emerging Technologies at Protiviti, and Nick Popovich, Founder and Owner at Rotas Security, to talk about both the pain and the importance of pentest reporting.

For any pentester or team who is spending countless hours on manual pentest reporting, this one is for you. Ready to learn how Protiviti and Rotas Security are leveraging automation to streamline pentest reporting without sacrificing quality and consistency? Watch the full webinar or keep reading for the highlights of their conversation.

Don’t Trade Quality for Speed in Your Pentest Reporting

What are the elements of a high-quality report?

The first question to consider when balancing possible tradeoffs in your pentest reporting process is what your priorities are for your deliverable. While tedious and time consuming to create, pentest reports are the critical deliverable of the engagement or testing exercises. Quality is non-negotiable for most service providers as the report is the main mechanism for providing value. The same is true for internal teams as documentation of their activities is crucial to improving security posture. 

So what constitutes a high quality reoport? 

For Protiviti, gold standard content that is curated, reviewed, and ready for testers to use in reports is key to ensuring quality and consistency across their teams. Caleb shared, “The ability to have ‘golden language,’ a repository of tried and true language, around themes we see often, helps our testers and helps us communicate better with product teams. Starting from scratch takes time that we could spend testing more attack vectors. The Content Library is huge in how we’ve leveraged PlexTrac.” 

Nick Popovich, shared that actionable information, both in both static and dynamic forms, makes a difference for his clients. Reports that are interactive and easier to consume because of flexible delivery ensure organizations can act on recommendations more quickly. Rotas uses PlexTrac’s Client Portal to deliver findings quickly and dynamically, in addition to more traditional PDF or Word document forms. 

Saving time in the reporting process is critical for maximizing limited resources but not at the expense of quality. Automation in reporting delivers not just time savings but also the ability to provide deeper collaboration and value from the efforts put into a pentest engagement.

What are the benefits of reporting and workflow automation?

The contributors agreed on several benefits of automating report creation that maximize both speed and quality, including: 

• Streamlining the workflow and reporting process
• Improving findings delivery and providing flexibility 
• Supporting a long-term relationship with report recipients that drives improvement
• Enabling iterative testing and cycles of testing that are otherwise difficult to achieve

“Having a centralized location where the risk language resides, where we can export to all needed files, and where we have the capabilities for our QA processes all together is just much better inside the single tool designed with that intention. PlexTrac has been a huge help for this,” Caleb said.

For Protiviti, automating with PlexTrac has made a big difference in not only the efficiency of their report creation but also the overall value they can provide. “[PlexTrac reports] really help put our clients and receivers of these reports in a much better position to consume and understand ‘what’s the most impactful to our business to make us more secure,’” Caleb said.

Nick summed up the value of automation for Rotas Security: “We see solutions like PlexTrac and other [automation] solutions that we expertly wield as force multipliers in our ability to execute excellence.”

Why PlexTrac?

Caleb concluded the conversation, stating, “Overall, what all the things that we are saying really do for our clients, the consumers of our reports, is help them articulate risk and triage risk much better.” 

PlexTrac is the automation solution helping Protiviti and Rotas deliver more value from their pentests — more efficiently. Request a demo to see how PlexTrac can benefit your team.