Authored by: PlexTrac Team
Posted on: December 13, 2023

Don’t Trade Quality for Speed in Your Pentest Reporting

Automate with PlexTrac to build better reports faster

PlexTrac’s Founder and CTO Dan DeCloss sat down with Caleb Davis, Senior Manager of Emerging Technologies at Protiviti, and Nick Popovich, Founder and Owner at Rotas Security, to talk about both the pain and the importance of pentest reporting. For any pentester or team who is spending countless hours on manual pentest reporting, this one is for you.

Ready to learn how Protiviti and Rotas Security are leveraging automation to streamline pentest reporting without sacrificing quality and consistency? Watch the full webinar or keep reading for the highlights of their conversation.

What are the elements of a high-quality report?

The first question to consider when balancing possible tradeoffs in your pentest reporting process is what your priorities are for your deliverable. While tedious and time-consuming to create, pentest reports are the critical deliverable of the engagement or testing exercises. Quality is non-negotiable for most service providers as the report is the main mechanism for providing value. The same is true for internal teams as documentation of their activities is crucial to improving security posture.

So what constitutes a high-quality report? For Protiviti, gold standard content that is curated, reviewed, and ready for testers to use in reports is key to ensuring quality and consistency across their teams.

Caleb shared, “The ability to have ‘golden language,’ a repository of tried and true language, around themes we see often, helps our testers and helps us communicate better with product teams. Starting from scratch takes time that we could spend testing more attack vectors. The Content Library is huge in how we’ve leveraged PlexTrac.”

Nick Popovich shared that actionable information, in both static and dynamic forms, makes a difference for his clients. Reports that are interactive and easier to consume because of flexible delivery ensure organizations can act on recommendations more quickly. Rotas uses PlexTrac’s Client Portal to deliver findings quickly and dynamically, in addition to more traditional PDF or Word document forms.

Saving time in the reporting process is critical for maximizing limited resources but not at the expense of quality. Automation in reporting delivers not just time savings but also the ability to provide deeper collaboration and value from the efforts put into a pentest engagement.

What are the benefits of reporting and workflow automation?

The contributors agreed on several benefits of automating report creation that maximize both speed and quality, including:

- Streamlining the workflow and reporting process
- Improving findings delivery and providing flexibility
- Supporting a long-term relationship with report recipients that drives improvement
- Enabling iterative testing and cycles of testing that are otherwise difficult to achieve

“Having a centralized location where the risk language resides, where we can export to all needed files, and where we have the capabilities for our QA processes all together is just much better inside the single tool designed with that intention. PlexTrac has been a huge help for this,” Caleb said.

For Protiviti, automating with PlexTrac has made a big difference in not only the efficiency of their report creation but also the overall value they can provide. “[PlexTrac reports] really help put our clients and receivers of these reports in a much better position to consume and understand ‘what’s the most impactful to our business to make us more secure,’” Caleb said.

Nick summed up the value of automation for Rotas Security: “We see solutions like PlexTrac and other [automation] solutions that we expertly wield as force multipliers in our ability to execute excellence.”

Why PlexTrac?

Caleb concluded the conversation, stating, “Overall, what all the things that we are saying really do for our clients, the consumers of our reports, is help them articulate risk and triage risk much better.”

PlexTrac is the automation solution helping Protiviti and Rotas deliver more value from their pentests — more efficiently. Request a demo to see how PlexTrac can benefit your team.

PlexTrac Team
Editorial Group

At PlexTrac, we bring together insights from a diverse range of voices. Our blog features contributions from industry experts, ethical hackers, CTOs, influencers, and PlexTrac team members—all sharing valuable perspectives on cybersecurity, pentesting, and risk management.