Are You A PenTexter? Open-Sourcing Pentest Reporting and Automation.

Presented at BSidesLV 2016, Aug. 2, 2016, 11:45 a.m. (45 minutes)

This talk will announce a new OWASP project: PenText, a fully open-sourced XML-based pentest document automation system. The PenText system is a document automation framework that supports the entire pentesting lifecycle: from the initial inquiry, through pentest scoping, quotations, pentesting, and reporting, through the final invoice.

During this talk, we will demonstrate the OWASP PenText system live, in the context of our larger Pentesting ChatOps infrastructure (RocketChat, Hubot, and Gitlab). We will describe the basics of how the OWASP PenText system is architected (XML, XSLT, XSL-FO), and show how the system can be used to manage the entire lifecycle of pentesting data, including the automatic generation of documentation at various points in the process (such as quotations, pentest reports, and invoices).

The OWASP PenText system was built and tested by the globally-distributed team at Radically Open Security. This system is at the heart of our own pentesting workflow, and we feel passionately that this 100% free and open-sourced framework will also be useful to your organization.


Presenters:

  • Peter Mosmans - Lead Pentester - Radically Open Security
    I currently lead a team of passionate, idealistic, and overall excellent pentesters around the globe at Radically Open Security. Being a builder first, I started in the nineties as a software engineer working on Internet banking applications for European financial institutions. Later on I started specializing in pentesting complex and feature-rich web applications. I'm a contributor to several open source security projects and maintain an extra-featured OpenSSL fork. Ethical security enthusiast.
  • Melanie Rieback - CEO/Co-founder - Radically Open Security
    Dr. Melanie Rieback is the CEO/Co-founder of Radically Open Security, the world's first non-profit computer security consultancy company. She is also a former Assistant Professor of Computer Science at VU who performed RFID security research (RFID Virus and RFID Guardian) that attracted worldwide press coverage and won several awards (VU Mediakomeet, ISOC Award, NWO I/O award, IEEE Percom Best Paper, USENIX Lisa Best Paper). Melanie worked as a Senior Engineering Manager on XenClient at Citrix, where she led their Vancouver office. She was also the head researcher in the CSIRT at ING Bank, where she set up their Analysis Lab and spearheaded the ING Core Threat Intelligence Project. For fun, she co-founded the Dutch Girl Geek Dinner in 2008. Melanie was named 2010 ICT Professional of the Year (Finalist) by WomeninIT, one of the 400 most successful women in the Netherlands by Viva Magazine (Viva400) in 2010, and one of the fifty most inspiring women in tech (Inspiring Fifty Netherlands) in 2016.
