Blog

Cyver Core is a Pentest Management platform allowing pentesters to deliver Pentest-as-a-Service. Our blog covers features, industry topics, and updates.

Leveraging GenAI for Pentest Reporting with Cyver Core 


Pentest reporting is still one of the most time-consuming aspects of pentesting. For many pentesters, that means spending 20-60% of the total time to pentest on writing a report. Often, that means having a skilled technical employee engage in routine and relatively...

Features to Look for in a Pentest Reporting Platform


For pentesters, the report is often an unfortunate part of pentesting. It’s part of your job, but it’s often a time-consuming and painful job where you copy-paste data from libraries, tools, and even the Internet to build out a final report for the client. The end...

Collaborating on Pentest Reporting with Your Pentest Team


Most pentest and cybersecurity companies start out small. You have one or two pentesters at most, and those pentesters largely work alone to deliver results to clients. For most cybersecurity firms, the goal is to grow – and that means eventually expanding the...

How Long Do You Spend on Pentest Reporting? 


Pentest reporting is the deliverable for most pentests – even if you’re primarily testing for teams that want to remediate. Your report is the client's key to remediation, to compliance, and to ensuring they have the means to understand what the cybersecurity...

How to Save Time on Custom Content in Pentest Reports

For most pentesters and security testers, the report is the deliverable that your clients are paying for. While your methodology, tooling, and expertise are your market differentiator, the client is eventually paying for a report showing them what vulnerabilities they have impacting their infrastructure and environments.

Automating and streamlining pentest reports allows you to cut manual work around building those reports. For example, with Cyver, streamlining report generation means automatically importing findings from tooling, automatically merging them with existing findings, automatically pulling data from the vulnerability library, etc. That automated approach to pentest reporting means you can set up templates and then auto fill that data, saving our users an average of 40-84% of time per report.

Still, a survey of our users showed that most of our pentesters are still spending most of their time writing unique content for each report. That works out to 50-75% of time spent on a pentest report spent on writing unique content. When a report takes those same users 2-4 hours (when using Cyver Core) on average, that’s a lot of time spent writing!

You need more flexibility and more ways to re-use content across your reports to ensure that you can continue to optimize how you spend your time writing reports. Cyver Core offers a better way to generate your reports and then add your custom content, while reducing workload as much as possible.

We achieve that with:

- Pentest report templates
- A token system to auto-populate reports with vulnerability findings, client, project, methodology, asset, and other data
- Content libraries including vulnerability libraries, content blocks, and report sections that you can add and remove from your reports on the fly
- An integrated review process to speed up delivery to the client
- Report delivery in a secure web-app portal
- Remediation support, so you can automatically update the report following remediation and re-testing.

Let’s take a look at how you can use that to streamline how you add custom content to your pentest reports.

Preparing Pentest Report Templates

Your pentest report template should reflect how you normally report on pentests, with all of the basic elements laid out. Most of the time that means an executive summary, information about methodology, a section on scoping, a section on different types of findings, and potentially full findings details.

Cyver uses tokens so you can take that same pentest report and automatically populate it with data from any client, project, and scope. Providing you’re using the platform, you can pull any data in the platform in the report by adding a token where you want it. No more manually copy-pasting data into a report. Instead, it automatically imports that data, generates relevant tables and charts, and you’re good to go.

Once your report is ready to go, you automatically generate it complete with findings per section, with charts and other data automatically generated for you. That process is enough whenever you have a straightforward pentest that never changes. However, when you want to add unique content, Cyver also supports that.

Write Unique Content as You Need it and Save It to a Library

You’re always going to need unique content for your pentest reports. At the same time, those writeups will often be very similar and will have a lot of overlap. If you’re using Word, it often doesn’t make sense to save those writeups because going through the process of finding the right file and adding it to your document might be as time-consuming as writing a few lines.

Cyver offers a workaround, so you can easily add a blank content block to your report, write your custom content, and then save it to your content library. In the future, when you add a custom content block, you can pull from that library, to re-use existing blocks. You can also do so by adding the master file, meaning that any changes you make go into the master file OR by creating a copy, which you can edit without updating the master file.

Of course, that does mean using labels and a naming scheme so that your content blocks are searchable. We recommend a labeling system by client, methodology, vulnerability framework, and type.

At the same time, it means you can build up a content library over time, so eventually, you can easily add a block of text, edit it to suit the report at hand, and minimize how much time you spend writing unique content. And, there will always be fringe cases of completely unique scenarios and writeups, but a content library will minimize the number of times you have to write something completely from scratch.

Want to try it out? Contact us for a demo or a feature walk-through.
