Are there any solutions currently in the market for Customization and Total Automation for Penetration Testing Reports?

Security & GRCKPIs, Metrics & ReportingThreat & Vulnerability Management+6 more
2.1k views3 Upvotes3 Comments
Chief Security Officer in Software, 10,001+ employees
Its not exactly automation of reports but we are looking at AttackIQ to automate parts of the pentesting process including reporting. Happy to chat further if interested.
3
CISO in Energy and Utilities, 201 - 500 employees
CompTIA PenTest+ (PT0-002) includes best practices for automation techniques and it has been released in late October 2021. The exam assesses how to perform automated vulnerability scanning and penetration testing using appropriate tools and techniques, and then how to analyze the results as shown below.  

Domain 2.0 Information Gathering and Vulnerability Scanning

2.4 Given a scenario, perform vulnerability scanning. Includes vulnerability testing tools that facilitate automation.

Domain 5.0 Tools and Code Analysis  

5.2 Given a scenario, analyze a script or code sample for use in a penetration test. Includes automating the penetration testing process and next steps based on results of a scan.
5.3 Explain use cases of the following tools during the phases of a penetration test. Includes automation tools for scanning and web application testing.

Most modern penetration testing tools include automation capabilities. For example, you can find automation testing features in Metasploit, Nettacker, Jok3r, Legion, Sn1per, Open Security Content Automation Protocol (SCAP), OWASP ZAP and Burp Suite – to name a few.
3
VP of Information Security in Services (non-Government), 11 - 50 employees
There is an emerging security technology domain, breach and attack simulation (BAS), that has the capability to automate penetration testing reporting in a 24x7 basis.

I would be more than happy to provide more information how BAS works, pros and cons, cost model etc.
3

Content you might like

How have you dealt with unexpected IT expenses that arise during cost reduction initiatives?

Process ManagementIT Strategy & RoadmapCost Optimization+1 more
CIO in Education, 1,001 - 5,000 employees
We've basically had to absorb the cost and figure out how to defer other less important initiatives.
1.8k views1 Upvote1 Comment

How concerned are you about effects of an attack on your supply chain?

Security & GRCThreat & Vulnerability Management

Very concerned38%

Somewhat concerned50%

Not concerned11%


738 PARTICIPANTS
2k views1 Upvote2 Comments

What is most important when you implement secure inbound communications to your organization?

End-User Services & CollaborationSecurity & GRC

Messages or documents must be encrypted/secure as they travel over the Internet51%

Messages or documents must be encrypted internally (at-rest) when stored in my organization26%

Both are equally important22%


276 PARTICIPANTS
976 views2 Upvotes

Have you been able to successfully integrate AI/ML into your enterprise search? What were your greatest challenges or failures in doing so?

Strategy & ArchitectureEnd-User Services & CollaborationApplications & Platforms+25 more
1.2k views3 Upvotes1 Comment

Apart from network segmentation/microsegmentation, what are some other ways that orgs can minimize downtime during a breach (especially with large-scale and complex systems)?

Security Strategy & RoadmapThreat Intelligence & Incident ResponseResilience
266 views