Report writing in 5 minutes.
Adrian Furtună
Founder & CEO
https://pentest-tools.com
Let's make pentesting fun again!
Report writing in 5 minutes.
Fab România
Pentest reporting
2018 https://pentest-tools.com 2
Background info
About me
# Ex-fulltime pentester
10+ years of experience in ethical hacking & IT security
Reformed programmer
# Founder of Pentest-Tools.com
# Associate professor @ MTA, UPB
# Speaker at security events and conferences:
Hack.lu - Luxembourg
Hacktivity – Budapest
ZeroNights - Moscow
Defcamp - Bucharest
OWASP Romania, etc
Pentest-Tools.com
# We help companies become resilient against cyber attacks
Self-security assessment service
Periodic scans & notifications
Recommendation for fixing the issues
25+ essential tools
• Updated
• Configured
• Ready to run
20% Effort
80% Security Coverage
Website activity
# 1,4 million users last year
# Organic growth
[Chart: Audience Overview (Google Analytics), annotated "Company started"]
Our customers
# > 3000 customers
# 120 countries
# 80% companies (SMEs)
# 20% individuals
Back to pentest reporting
Solution 1
# Copy-paste from previous reports
What was the latest good version?
Search for findings in multiple reports
Adapt to the current client (!)
Solution 2
# Make your own report generator tool
Who makes it?
Who maintains it (bug fixing, new features, updates, etc.)?
Who keeps it updated and clean with the latest findings?
Solution 3
# Use a third-party report generation tool
Serpico:
• https://www.serpicoproject.com
• https://github.com/SerpicoProject/Serpico
VulnReport:
• http://vulnreport.io/
• https://github.com/salesforce/vulnreport
# Challenges:
Deployment & Initial configuration
Learning a new reporting tool
Importing scan results
Our solution
# Cloud-based
# Scanning Tools => Results => Reporting (.docx)
Pentest-Tools.com
# DEMO
Vouchers - 300 Free Credits
# https://pentest-tools.com/register
Voucher code: DEFCAMP2018
Get 300 Free Credits in your new account
Our team
Vlad Turcanu Eusebiu Boghici George Pitis Adrian Furtuna
Advisors
Andrei Pitis Diana Olar
Mihai Burduselu Andrei Damian
Thank you!