Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Let's Make Pentesting Fun Again! Report writing in 5 minutes.

50 views

Published on

Adrian Furtuna in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.

The slides and other presentations can be found on https://def.camp/archive

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Let's Make Pentesting Fun Again! Report writing in 5 minutes.

  1. 1. Adrian Furtunã Founder & CEO https://pentest-tools.com Let's make pentesting fun again! Report writing in 5 minutes. Fab România
  2. 2. Pentest reporting 2018 https://pentest-tools.com 2
  3. 3. Pentest reporting 2018 https://pentest-tools.com 3
  4. 4. Background info 2018 https://pentest-tools.com 4
  5. 5. About me 2018 https://pentest-tools.com 5 # Ex-fulltime pentester  10+ years of experience in ethical hacking & IT security  Reformed programmer # Founder of Pentest-Tools.com # Associate professor @ MTA, UPB # Speaker at security events and conferences:  Hack.lu - Luxembourg  Hacktivity – Budapest  ZeroNights - Moscow  Defcamp - Bucharest  OWASP Romania, etc
  6. 6. Pentest-Tools.com # We help companies become resilient against cyber attacks  Self-security assessment service  Periodic scans & notifications  Recommendation for fixing the issues  25+ essential tools • Updated • Configured • Ready to run 2018 https://pentest-tools.com 6 20% Effort 80% Security Coverage
  7. 7. Website activity # 1,4 million users last year # Organic growth 2018 https://pentest-tools.com 7 Audience Overview (Google Analytics) Company started
  8. 8. Our customers # > 3000 customers # 120 countries # 80% companies (SMEs) # 20% individuals 2018 https://pentest-tools.com 8
  9. 9. Back to pentest reporting 2018 https://pentest-tools.com 9
  10. 10. Solution 1 # Copy-paste from previous reports  What was the latest good version?  Search for findings in multiple reports  Adapt to the current client (!) 2018 https://pentest-tools.com 10
  11. 11. Solution 2 # Make your own report generator tool  Who makes it?  Who maintains it (bug fixing, new features, updated, etc)?  Who keeps it updated and clean with the latest findings? 2018 https://pentest-tools.com 11
  12. 12. Solution 3 # Use a third-party report generation tool  Serpico: • https://www.serpicoproject.com • https://github.com/SerpicoProject/Serpico  VulnReport: • http://vulnreport.io/ • https://github.com/salesforce/vulnreport # Challenges:  Deployment & Initial configuration  Learning a new reporting tool  Importing scan results 2018 https://pentest-tools.com 12
  13. 13. Our solution # Cloud-based # Scanning Tools => Results => Reporting (.docx) 2018 https://pentest-tools.com 13
  14. 14. Pentest-Tools.com # DEMO 2018 https://pentest-tools.com 14
  15. 15. Vouchers - 300 Free Credits # https://pentest-tools.com/register  Voucher code: DEFCAMP2018  Obtain 300 Free Credits into your new account 2018 https://pentest-tools.com 15
  16. 16. Our team 2018 https://pentest-tools.com 16 Vlad Turcanu Eusebiu Boghici George Pitis Adrian Furtuna Advisors Andrei Pitis Diana Olar Mihai Burduselu Andrei Damian
  17. 17. Thank you! 17https://pentest-tools.com Adrian Furtunã adrian.furtuna@pentest-tools.com 2018 Fab România

×