“We’ve had a lot of conversations with the Cyver Core team and each time, you’ve been quite reactive, you’ve improved issues every time we talked.”
PentestFirmB offers cybersecurity services including pentesting and infrastructure security – focusing on the build-side. It primarily operates in France, where its clients are looking for help securing their mobile and web apps and infrastructure. As a result, pentesting is not its main focus. PentestFirmB also asked that we anonymize their data for the case study.
We interviewed an ethical hacker on the pentest team inside of PentestFirmB to discuss how they’re using Cyver Core to support multi-language pentest reporting and delivery.
The Firm:
PentestFirmB employs 80+ people to deliver infrastructure cybersecurity to its clients in France and across western Europe.
- Clients: 80+
- Projects on Cyver Core: 12+
- Plan: Starter
- Location: Paris, France
- Rates Cyver Core: 8 out of 10
- Started: 2021
Choosing Cyver Core
PentestFirmB was looking for a tool to write and generate pentest reports. The team decided it needed automation to generate vulnerability data and to create professional looking reports. They created a list of critical features:
- Markdown support
- Collaboration tools
- CSS modification
- Vulnerability library
- Report generation
- Mapping findings to frameworks
- Access management
- Multi-factor authentication
- Finding status
From there, the team created a list of potential options, including:
- Security Reporter
- AttackForge
- PentestTools
- Cyver Core
Eventually, Cyver Core was chosen, and PentestFirmB started using the platform.
“I talked to Luis, I liked the tool, the price was one of the most important aspects because the other tools were more expensive, but Cyver Core met all of our feature requirements – although we’d need to upgrade to the pro plan to get collaboration tooling. We also needed a platform with multi-language support, and Cyver Core offers that functionality.”
“The relationship with Luis was really important, if you want to work with someone, the human factor is important, Cyver Core was more friendly than our other options – that was a good reason to choose you.”
Generating Pentest Reports in French and English
PentestFirmB is a French company, meaning most of their clients need reports in French. However, with international clients and international compliance needs, they also needed English. PentestFirmB worked together with the Cyver team to request custom tokens and support for their language needs.
That included custom tokens to deliver the reports in French. PentestFirmB also has custom templates in French – with some tweaks made to adjust titles and descriptions to French. This was important, because the firm delivers about 80% of their reports in French.
“We’ve requested changes to the report as well and Cyver has made changes”.
Using the Platform
“We only use Cyver to generate pentest reports, as our clients may not want to switch to a SaaS tool. Our pentesters, on the other hand, like it, they like using it, and all of our pentesters are using the platform to add and update vulnerabilities”
“There were also some bugs at first, but we reported them and there are less and less issues in the platform, that’s nice to see. Overall things are good, easy to use, and you implement new features and fixes frequently. That’s a good thing.”
PentestFirmB also uses Cyver Core’s access management features to give auditors access to the report in a secure portal. Each new pentest takes about 5 minutes to set up on the platform.
“Currently we spend about 3-4 hours per pentest writing the report, including customization and updating the report. That would probably be about double if we were to stop using Cyver Core and had to do all the formatting manually.”