At the Security Factory, we are constantly looking to improve the security of our customers. This time, we are upgrading our reporting technique. With a new online platform where customers can log in and evaluate the security of their applications in real-time while we are testing.
Previously, after a penetration test, our customers received a PDF report with all the information about the executed penetration test. This included scoping details, timeline, management summary and graphs, finding details with remediation advice, consequences and evidence etc.
Easy to say, this could be a very lengthy document for some tests where you could lose the overview of the complete test. But of course, this was how we delivered testing results for the last 10 years and it has been proven to work for many of our customers.
However, in today’s fast-paced business (and security) environment, a quicker way of delivering results is needed. With our new online reporting tool, we can deliver real-time updates and insights while testing the application. This way, all necessary information can be directly communicated with the correct people and security flaws can be fixed faster. It even provides an easy way for developers to communicate and discuss the issue directly with our testers through the platform.
This could be especially useful when critical issues are discovered on live systems. The faster a security flaw is fixed, the less likely it is to be exploited by malicious actors. This minimizes potential damage and reduces the risk of data breaches or system compromise.
In the future, we would also like to include more features in the new reporting application. Stuff like “requesting a new penetration test” or “requesting a retest on one specific issue” should be possible through the reporting tool. This could make the workflow from start to finish a lot smoother and we should see an increase in issues being flagged as “fixed” issues sooner. This helps our customers get a clear view of their applications and the evolution of their security.
In conclusion, we feel that the timing is perfect for ushering in an innovative change to our reporting and penetration testing workflow. This transformation holds the promise of enhancing your penetration testing experience significantly, providing you with a far more comprehensive and insightful view of your systems’ security landscape.