Highlights
Company: NullForge Security (anonymous)
Industry: Cybersecurity / Pentesting
Use Case: Web & network pentesting, short engagements (≈5 days), high repeat business
Cyver Core Tenure: ~3 years
Top Drivers: Faster reporting, live client updates, smoother comms & retests
Impact:
- Reporting time cut ~50% (esp. network tests)
- Live reporting: findings pushed during testing, not days later
- Easier client collaboration (credentials, docs, retests in one portal)
- Strong client return rate with hundreds of engagements per year
Background
NullForge Security focuses exclusively on penetration testing—web applications, networks, and more. Their operating model is built around short, focused pentests (often ~5 days) and repeat engagements across the year. With so many projects and a steady stream of returning customers, the team needed a platform to streamline reporting, enable live updates, and keep client collaboration tidy.
They adopted Cyver Core nearly three years ago, after experimenting with internal reporting tools (from a homegrown Word generator to a Pandoc-based pipeline) and trialing other commercial offerings. Cyver Core won out for simplicity, faster setup, and a workflow that matched how NullForge prefers to operate.
Challenges Before Cyver Core
- Reporting drag: Writing reports was the most time-consuming, least enjoyable part for testers, often saved until the end of an engagement.
- Slow client updates: Critical issues needed to be communicated quickly, but that meant spinning up ad-hoc Word docs and emails—easy to miss and hard to track.
- Fragmented collaboration: Credentials, documents, and retests were scattered across tools and email threads.
“Making reports is the most boring part of our work. If you can make that easier, testers spend more time digging deeper into the app or network.”
Why Cyver Core
NullForge evaluated several platforms and chose Cyver Core because it was fast to implement and opinionated in the right places—making it easier to adapt the business to the product rather than customizing endlessly.
Key factors:
- Simplicity & speed: Less overhead and configuration than alternatives.
- Live reporting: Create findings during testing, attach evidence immediately, and push to QA in the flow.
- Client portal: One place to share credentials, upload docs, message securely, and request retests (full scope or finding-specific).
- Growing flexibility: Over time, the product introduced more customization (e.g., finding templates), increasing power without losing overall ease of use.
“You start your test, find a vulnerability, create the finding, add evidence, push to QA—that’s done. At the end, it’s mostly the management summary and generate the PDF.”
Implementation
- Live reporting as policy: Testers log findings as they go, including evidence, then push them to QA—shifting the “report day” into the daily workflow.
- Portal-first collaboration: Clients log in to provide credentials, follow progress, and coordinate retests.
- Hybrid client usage: Some clients use the portal deeply (requests, messaging, remediation status), others simply log in to download the PDF—NullForge supports both.
- Data hygiene: To match internal policy, NullForge deletes projects after completion (they do fewer continuous tests), keeping the portal lean and aligned to their processes.
Results
- ~50% faster reporting (especially for network tests) thanks to live, incremental finding creation.
- Earlier remediation: Clients see critical issues during the engagement, not just at the end—shortening exposure.
- Cleaner comms: Credentials, docs, messages, and retests happen in one audited place.
- Scale without chaos: With hundreds of pentests per year, the team maintains pace and quality, and clients return regularly.
“We have a lot of customers that return for short pentests throughout the year. The reporting tool helps—we even use it as a selling point.”
Feedback & Feature Evolution
NullForge appreciates that Cyver Core continues to evolve—client templates and event logs/audit logs are on the roadmap they care about. They note notifications can get noisy when many projects run in parallel (e.g., same email type for publication and retest requests), and they flagged a sorting quirk past 999 items. Still, they rate Cyver Core 7–8/10 today—“one of the better solutions” they tested—and a platform they couldn’t easily replace without reworking operations.
“We’ve onboarded new pentesters directly into Cyver Core. Templates and workflows are there—they don’t need to copy/paste boilerplate anymore.”
Conclusion
By adopting Cyver Core, NullForge Security turned reporting from an end-of-week slog into an in-flow activity, enabling live client updates, smoother retests, and faster delivery overall. The result: more time testing, less time formatting, and a scalable PTaaS model that supports both light-touch and highly interactive clients.
Key takeaway: Cyver Core helps NullForge move faster, communicate clearer, and scale sanely—without drowning in admin.
