ZinnoX Reporting Tool (ZRT) is an automated penetration testing report generation tool that allows security professionals to quickly and easily create comprehensive reports. Key features of ZRT include managing project details and findings databases, one-click uploads and report generation, customization options, backup and restore functionality, and integration of the OWASP vulnerability mapping and DREAD risk assessment models to prioritize issues. ZRT aims to revolutionize the penetration testing reporting process by providing a simple user interface and streamlining the entire reporting workflow into just a few clicks to produce high-quality reports in a matter of minutes.
2. ZinnoX - Introduction
ZinnoX is a Business and Technology Solutions company, headquartered in Bangalore, India.
Our solutions include services in IT Security.
ZinnoX Presence – Europe, US, Africa, India, Australia, New Zealand & Canada
3. About ZinnoX Security Testing
ZinnoX Security Testing Services include Penetration Testing and Vulnerability
Assessment Services
- Web Application
- Mobile Application
- Network
Combines advantages of traditional Testing Techniques
- Hybrid testing (Automated Scanners + Manual Testing)
Ensures convenience, speed, cost-saving and increased efficiency
4. PenTesting Reports & ZRT
The Report Creation stage typically takes one day or more,
depending on the project scope. ZinnoX intends to help companies address the
specific challenge of speeding up the report creation process.
ZinnoX’s Reporting Tool (ZRT) aims at making Pen Testing Report Creation a
completely automated process.
ZRT is an extremely simple, user-friendly and efficient application that one can use
to create concise, crisp and comprehensive reports by following just a few simple
steps.
5. ZRT – Home Screen
The ZinnoX Reporting Tool Home Screen
has a simple user interface, with 4
tabs/options:
- Bugs Database
- Add Finding
- D.R.E.A.D Calculator
- Project Management
Each of these tabs allows for a specific
function in the report creation process
6. ZRT – Key Features
✅ Manage Projects
✅ Manage Bug Database
✅ One Click Bug Database Upload
✅ One Click Report Generation
✅ Customize Your Own Report Format
✅ Back Up/Restore Bugs
✅ Back Up/Restore Projects
✅ OWASP (2017) Mapping for Each Bug
✅ Integrated DREAD Calculator
✅ Easy Data Modification
7. Manage Projects
Each individual PenTest Project Reporting Process can be managed using the
“Project Management” tab.
It allows for “Creation” of new projects individually with details such as
“Project Owner”, “Created for”, Time Window, dates the Test was conducted,
etc.
Each new project created gets populated in the “Projects” section, and is
available for easy access and modification, if required.
A report can then be created just by clicking the “Generate report” button on the
screen.
8. Manage Bug Database
The ZRT Home screen includes two important sections/tabs that allow the
effective management of a comprehensive Bug database.
1. Add Findings: To add a new bug to the database.
2. Bug Database: Every bug added will be found here for read and write
purposes.
9. One-Click Options for Knowledge Base Upload and
Report Generation
The upload can be done in 2 ways:
1. Fill in all the data in the given template and upload it to the tool.
2. Find the backup file from ZRT and restore it.
Note**: You will find the upload template in the Zip file you have
downloaded from the ZinnoX website.
Similarly, once each individual project is created, with the details of all findings
selected for that project, all it takes is one click of the
“Generate” button to complete the Report Generation Process.
10. Customize Your Own Report Format
Although ZRT comes with a default template and a default format,
complete customization of the format is also possible.
If one chooses to have the Reports from ZRT generated in their
own specific formats, it can be done by following a simple set of instructions
and with a bit of technical know-how.
(Complete step by step process for this will be shared upon request)
Note**: You will find the ‘User Manual’ in the Zip file you have downloaded
from the ZinnoX website.
11. Back Up / Restore Bugs and Projects
The “Bugs Database” section includes an option “Backup Bugs” & “Restore
Bugs” which can be used to take a backup / restore of the entire database for
future use.
Similarly, the “Project Management” section includes the options “Backup
Projects” and “Restore Projects”.
This feature is very useful in several instances. For example, if multiple systems
are in use, a backup from one and a restore to another system allows the
seamless use of data on ZRT across systems.
12. OWASP Mapping for Each Bug
The Open Web Application Security Project (OWASP) is an online community
which offers free articles, documentation, methodologies, technology and
even tools in the Application Security field.
The OWASP Top 10 is a powerful awareness document for Application
Security and is a compilation of the broad consensus on the most critical risks.
Adopting the OWASP Top 10 is widely considered the most effective first
step to producing secure code.
ZRT allows for OWASP Mapping using the “Vulnerability (OWASP)” dropdown
in the “Add Findings” section. A helpful “More Info..” link redirects to the
OWASP.org website for a clear understanding.
13. D.R.E.A.D Calculator
DREAD is a mnemonic for a Risk Assessment Model
used to assess the criticality/impact/risk associated with
computer security threats/vulnerabilities/bugs.
- Damage - how bad would an attack be?
- Reproducibility - how easy is it to reproduce the attack?
- Exploitability - how much work is it to launch the attack?
- Affected users - how many people will be impacted?
- Discoverability - how easy is it to discover the threat?
This rating allows us to prioritize which vulnerability
has to be attended to first; that is, Critical and High
vulnerabilities will have to be looked into first because
they have a higher impact on the application.
(There is a handy “More Info..” link which redirects to
the Wikipedia page on DREAD)
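An added example (not ZRT's code) of how a DREAD calculator can turn the five ratings into a priority order for a findings list. The 1 to 10 rating scale, the averaging, the severity bands and the sample findings are assumptions made for illustration; the slides do not state how ZRT computes its rating.

```python
from dataclasses import dataclass

FACTORS = ("damage", "reproducibility", "exploitability",
           "affected_users", "discoverability")
# Assumed severity bands (minimum mean score, label); not taken from ZRT.
BANDS = ((9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.0, "Low"))


@dataclass(frozen=True)
class Finding:
    title: str
    ratings: dict  # factor name -> integer rating on the assumed 1-10 scale

    def score(self) -> float:
        """Validate the five ratings and return their mean."""
        if set(self.ratings) != set(FACTORS):
            raise ValueError(f"{self.title}: need exactly {FACTORS}")
        for name, value in self.ratings.items():
            if type(value) is not int or not 1 <= value <= 10:
                raise ValueError(f"{self.title}: {name}={value!r} not in 1..10")
        return sum(self.ratings.values()) / len(FACTORS)

    def severity(self) -> str:
        score = self.score()
        return next(label for floor, label in BANDS if score >= floor)


def prioritize(findings):
    """Highest score first; higher damage, then title, breaks ties."""
    return sorted(findings,
                  key=lambda f: (-f.score(), -f.ratings["damage"], f.title))


def ratings_of(d, r, e, a, di):
    """Build a ratings dict from values given in D-R-E-A-D order."""
    return dict(zip(FACTORS, (d, r, e, a, di)))


# Constructed sample findings, for illustration only.
SAMPLE = [
    Finding("Verbose server banner", ratings_of(2, 10, 3, 2, 10)),
    Finding("SQL injection in login form", ratings_of(9, 9, 8, 10, 9)),
    Finding("Missing cache-control header", ratings_of(1, 5, 2, 1, 3)),
    Finding("Reflected XSS in search", ratings_of(6, 8, 7, 6, 8)),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE):
        print(f"{f.score():4.1f}  {f.severity():8}  {f.title}")
```

A finding with a missing factor or an out-of-range rating raises `ValueError` instead of being silently scored, so a data-entry slip cannot push an issue down the list.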
14. ZinnoX Reporting Tool – Unique Proposition
ZRT is all set to revolutionize the report automation industry by bringing together
the simplest user interface and experience with the highest-impact value-added
features.
This makes the entire reporting process a quick, hassle-free experience.
The outcome is crisp, concise and comprehensive reports, all in a matter of minutes,
with the push of a few buttons.