Authored by: PlexTrac Author
Posted on: January 11, 2024

Simplify Pentest Reporting and Improve Time to Value With the Industry’s Largest Findings Repository

You can now leverage writeups for over 25,000 CWEs, CVEs, and KEVs to provide detailed guidance on vulnerabilities, the level of exposure, and remediation steps

At PlexTrac, it’s our mission to help cut pentest reporting time while ensuring high-quality, actionable reports. In line with this mission, we have added to our already extensive library of writeups to now include Common Vulnerabilities and Exposures (CVEs), Common Weakness Enumerations (CWEs), and Known Exploited Vulnerabilities (KEVs) to help customers enrich findings with guidance on vulnerabilities or flaws, the level of exposure, and remediation steps. We now offer over 25,000 writeups – more than any other pentest reporting automation platform.

What are CVEs, CWEs, and KEVs and why is it important to include the findings writeups in the platform?

As you know, CVEs are used to identify a specific vulnerability, CWEs are used to categorize flaws or weaknesses that could potentially result in a vulnerability, and KEVs reference vulnerabilities that have already been exploited as documented by CISA.

Searching for or manually creating a CWE, CVE, and KEV writeup is tedious and error prone. Incomplete writeups can result in missed remediation steps or, worse, threat recurrence.

By having CVE, CWE, and KEV writeups in the PlexTrac platform, customers can insert the appropriate explanation of the flaw or vulnerability as well as the proposed fix, which speeds the delivery of the report. It helps provide developers with the context needed to strategically remediate flaws promptly and enables service providers to enhance their unique value proposition by advising prescriptively on which findings to fix first.

What other value adds are in the works for the PlexTrac platform?

A few months ago, we released our new style and configuration features, designed to further streamline the reporting workflow and enable scalable delivery of customized pentest reports without the need for a highly technical resource or a substantial time investment. As part of the release, we added:

- Additional and expanded pre-built export report templates
- Style guides with customizable options
- Configurable findings layouts (add, remove, or reorganize sections at your discretion)

Since the release, we have been diligently working to add even more low-code options for the reports, including more report templates. We’ve also been working on ways to help you track and prioritize groups of thematic findings. Imagine being able to not only share the proposed fixes but also the order of priority based on a fully customizable, contextual severity score.

Ready to learn more?

Aside from offering the largest findings repository in the industry, there are several other areas where we stand out amongst the competition. Check out our recipe for selecting a pentest management and automation platform that meets your unique needs.

PlexTrac Author

At PlexTrac, we bring together insights from a diverse range of voices. Our blog features contributions from industry experts, ethical hackers, CTOs, influencers, and PlexTrac team members—all sharing valuable perspectives on cybersecurity, pentesting, and risk management.