Are there any solutions currently in the market for Customization and Total Automation for Penetration Testing Reports?


Chief Security Officer in Software, 10,001+ employees
It's not exactly automation of reports, but we are looking at AttackIQ to automate parts of the pentesting process, including reporting. Happy to chat further if interested.

CISO in Energy and Utilities, 201 - 500 employees
CompTIA PenTest+ (PT0-002) includes best practices for automation techniques and was released in late October 2021. The exam assesses how to perform automated vulnerability scanning and penetration testing using appropriate tools and techniques, and then how to analyze the results, as shown below.

Domain 2.0 Information Gathering and Vulnerability Scanning

2.4 Given a scenario, perform vulnerability scanning. Includes vulnerability testing tools that facilitate automation.

Domain 5.0 Tools and Code Analysis  

5.2 Given a scenario, analyze a script or code sample for use in a penetration test. Includes automating the penetration testing process and next steps based on results of a scan.
5.3 Explain use cases of the following tools during the phases of a penetration test. Includes automation tools for scanning and web application testing.

Most modern penetration testing tools include automation capabilities. For example, you can find automation testing features in Metasploit, Nettacker, Jok3r, Legion, Sn1per, Open Security Content Automation Protocol (SCAP), OWASP ZAP and Burp Suite – to name a few.

VP of Information Security in Services (non-Government), 11 - 50 employees
There is an emerging security technology domain, breach and attack simulation (BAS), that has the capability to automate penetration testing reporting on a 24x7 basis.

I would be more than happy to provide more information on how BAS works, pros and cons, cost model, etc.
