Let's make pentesting fun again! Report writing in 5 minutes. Adrian - PowerPoint PPT Presentation

Fab România Let's make pentesting fun again! Report writing in 5 minutes. Adrian Furtunã Founder & CEO https://pentest-tools.com

Pentest reporting 2018 https://pentest-tools.com 2

Pentest reporting 2018 https://pentest-tools.com 3

Background info 2018 https://pentest-tools.com 4

About me # Ex-fulltime pentester  10+ years of experience in ethical hacking & IT security  Reformed programmer # Founder of Pentest-Tools.com # Associate professor @ MTA, UPB # Speaker at security events and conferences:  Hack.lu - Luxembourg  Hacktivity – Budapest  ZeroNights - Moscow  Defcamp - Bucharest  OWASP Romania, etc 2018 https://pentest-tools.com 5

Pentest-Tools.com # We help companies become resilient against cyber attacks  Self-security assessment service  Periodic scans & notifications 80%  Recommendation for fixing the issues Security 20% Effort  Coverage 25+ essential tools • Updated • Configured • Ready to run 2018 https://pentest-tools.com 6

Website activity # 1,4 million users last year # Organic growth Audience Overview (Google Analytics) Company started 2018 https://pentest-tools.com 7

Our customers # > 3000 customers # 120 countries # 80% companies (SMEs) # 20% individuals 2018 https://pentest-tools.com 8

Back to pentest reporting 2018 https://pentest-tools.com 9

Solution 1 # Copy-paste from previous reports  What was the latest good version?  Search for findings in multiple reports  Adapt to the current client (!) 2018 https://pentest-tools.com 10

Solution 2 # Make your own report generator tool  Who makes it?  Who maintains it (bug fixing, new features, updated, etc)?  Who keeps it updated and clean with the latest findings? 2018 https://pentest-tools.com 11

Solution 3 # Use a third-party report generation tool  Serpico: • https://www.serpicoproject.com • https://github.com/SerpicoProject/Serpico  VulnReport: • http://vulnreport.io/ • https://github.com/salesforce/vulnreport # Challenges:  Deployment & Initial configuration  Learning a new reporting tool  Importing scan results 2018 https://pentest-tools.com 12

Our solution # Cloud-based # Scanning Tools => Results => Reporting (.docx) 2018 https://pentest-tools.com 13

Pentest-Tools.com # DEMO 2018 https://pentest-tools.com 14

Vouchers - 300 Free Credits # https://pentest-tools.com/register  Voucher code: DEFCAMP2018  Obtain 300 Free Credits into your new account 2018 https://pentest-tools.com 15

Our team Vlad Turcanu Eusebiu Boghici George Pitis Mihai Burduselu Andrei Damian Adrian Furtuna Advisors Andrei Pitis Diana Olar 2018 https://pentest-tools.com 16

Fab România Thank you! Adrian Furtunã adrian.furtuna@pentest-tools.com 2018 https://pentest-tools.com 17