Authored by: PlexTrac Author
Posted on: December 13, 2023

Don’t Trade Quality for Speed in Your Pentest Reporting

Automate with PlexTrac to build better reports faster

PlexTrac’s Founder and CTO Dan DeCloss sat down with Caleb Davis, Senior Manager of Emerging Technologies at Protiviti, and Nick Popovich, Founder and Owner at Rotas Security, to talk about both the pain and the importance of pentest reporting. For any pentester or team spending countless hours on manual pentest reporting, this one is for you.

Ready to learn how Protiviti and Rotas Security are leveraging automation to streamline pentest reporting without sacrificing quality and consistency? Watch the full webinar or keep reading for the highlights of their conversation.

What are the elements of a high-quality report?

The first question to consider when balancing possible tradeoffs in your pentest reporting process is what your priorities are for your deliverable. While tedious and time-consuming to create, pentest reports are the critical deliverable of the engagement or testing exercises. Quality is non-negotiable for most service providers, as the report is the main mechanism for providing value. The same is true for internal teams, as documentation of their activities is crucial to improving security posture. So what constitutes a high-quality report?

For Protiviti, gold standard content that is curated, reviewed, and ready for testers to use in reports is key to ensuring quality and consistency across their teams. Caleb shared, “The ability to have ‘golden language,’ a repository of tried and true language, around themes we see often, helps our testers and helps us communicate better with product teams. Starting from scratch takes time that we could spend testing more attack vectors. The Content Library is huge in how we’ve leveraged PlexTrac.”

Nick Popovich shared that actionable information, in both static and dynamic forms, makes a difference for his clients. Reports that are interactive and easier to consume because of flexible delivery ensure organizations can act on recommendations more quickly. Rotas uses PlexTrac’s Client Portal to deliver findings quickly and dynamically, in addition to more traditional PDF or Word document forms.

Saving time in the reporting process is critical for maximizing limited resources, but not at the expense of quality. Automation in reporting delivers not just time savings but also the ability to provide deeper collaboration and value from the efforts put into a pentest engagement.

What are the benefits of reporting and workflow automation?

The contributors agreed on several benefits of automating report creation that maximize both speed and quality, including:

- Streamlining the workflow and reporting process
- Improving findings delivery and providing flexibility
- Supporting a long-term relationship with report recipients that drives improvement
- Enabling iterative testing and cycles of testing that are otherwise difficult to achieve

“Having a centralized location where the risk language resides, where we can export to all needed files, and where we have the capabilities for our QA processes all together is just much better inside the single tool designed with that intention. PlexTrac has been a huge help for this,” Caleb said.

For Protiviti, automating with PlexTrac has made a big difference in not only the efficiency of their report creation but also the overall value they can provide. “[PlexTrac reports] really help put our clients and receivers of these reports in a much better position to consume and understand ‘what’s the most impactful to our business to make us more secure,’” Caleb said.

Nick summed up the value of automation for Rotas Security: “We see solutions like PlexTrac and other [automation] solutions that we expertly wield as force multipliers in our ability to execute excellence.”

Why PlexTrac?

Caleb concluded the conversation, stating, “Overall, what all the things that we are saying really do for our clients, the consumers of our reports, is help them articulate risk and triage risk much better.”

PlexTrac is the automation solution helping Protiviti and Rotas deliver more value from their pentests — more efficiently. Request a demo to see how PlexTrac can benefit your team.