Let's Make Pentesting Fun Again! Report writing in 5 minutes.

Adrian Furtuna in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.

The slides and other presentations can be found on https://def.camp/archive


  1. Adrian Furtună, Founder & CEO, https://pentest-tools.com. Let's make pentesting fun again! Report writing in 5 minutes. Fab România
  2. Pentest reporting (2018, https://pentest-tools.com)
  3. Pentest reporting
  4. Background info
  5. About me
     • Ex-fulltime pentester
       • 10+ years of experience in ethical hacking & IT security
       • Reformed programmer
     • Founder of Pentest-Tools.com
     • Associate professor @ MTA, UPB
     • Speaker at security events and conferences:
       • Hack.lu - Luxembourg
       • Hacktivity - Budapest
       • ZeroNights - Moscow
       • Defcamp - Bucharest
       • OWASP Romania, etc.
  6. Pentest-Tools.com
     • We help companies become resilient against cyber attacks
       • Self-security assessment service
       • Periodic scans & notifications
       • Recommendation for fixing the issues
       • 25+ essential tools: updated, configured, ready to run
     • 20% Effort, 80% Security Coverage
  7. Website activity
     • 1,4 million users last year
     • Organic growth
     • [Chart: Audience Overview (Google Analytics), annotated "Company started"]
  8. Our customers
     • > 3000 customers
     • 120 countries
     • 80% companies (SMEs)
     • 20% individuals
  9. Back to pentest reporting
  10. Solution 1
     • Copy-paste from previous reports
       • What was the latest good version?
       • Search for findings in multiple reports
       • Adapt to the current client (!)
  11. Solution 2
     • Make your own report generator tool
       • Who makes it?
       • Who maintains it (bug fixing, new features, updates, etc.)?
       • Who keeps it updated and clean with the latest findings?
  12. Solution 3
     • Use a third-party report generation tool
       • Serpico:
         • https://www.serpicoproject.com
         • https://github.com/SerpicoProject/Serpico
       • VulnReport:
         • http://vulnreport.io/
         • https://github.com/salesforce/vulnreport
     • Challenges:
       • Deployment & initial configuration
       • Learning a new reporting tool
       • Importing scan results
  13. Our solution
     • Cloud-based
     • Scanning Tools => Results => Reporting (.docx)
  14. Pentest-Tools.com
     • DEMO
  15. Vouchers - 300 Free Credits
     • https://pentest-tools.com/register
       • Voucher code: DEFCAMP2018
       • Obtain 300 Free Credits into your new account
  16. Our team
     • Vlad Turcanu, Eusebiu Boghici, George Pitis, Adrian Furtuna
     • Advisors: Andrei Pitis, Diana Olar, Mihai Burduselu, Andrei Damian
  17. Thank you! Adrian Furtună, adrian.furtuna@pentest-tools.com, https://pentest-tools.com. Fab România
