Automating pentest reporting saves considerable time on every pentest. In fact, our data suggests automation saves 79-85% of time on reporting. While Cyver Core uses multiple stages of automation, including re-using pentest templates, automating finding import, and automating vulnerability finding data population from your vulnerability library, we also use Tokens. Tokens are placeholders in your pentest report template, which allow you to import data from a client, project, or vulnerability in the platform.
You add in tokens in your report template, and then when you generate the report for a given project – it automatically uses the data from that project. This might include Client Data, Project Scope, Vulnerability Findings sorted by criticality, etc.
Currently, Cyver Core uses 33 tokens:
| Token | Function |
| {Client_Name} | Client Name |
| {Client_Logo} | Client logo that was uploaded |
| {Project_Code} | Project Code |
| {Project_Name} | Pentest Name |
| {Project_Status} | Pentest status at the moment of report generation |
| {Project_TemplateName} | Project template name |
| {Project_TestingEndDate} | Testing start date |
| {Project_TestingStartDate} | Testing end date |
| {Project_Checklist} | Checklist name |
| {Report_CreationDate} | Report creation date |
| {Report_Version} | Report version |
| {Team_Lead} | Name of the pentester lead |
| {Team_Pentesters} | Names of pentesters (excludes lead) |
| {Findings_Vuln_High_SummaryList} | Table with “High” severity vulnerabilities |
| {Findings_Chart_Severity} | A pie chart with vulnerabilities by severity |
| {Findings_Vuln_Critical_Count} | Count of “Critical” severity vulnerabilities |
| {Findings_Vuln_High_Count} | Count of “High” severity vulnerabilities |
| {Findings_Vuln_Med_Count} | Count of “Medium” severity vulnerabilities |
| {Findings_Vuln_Low_Count} | Count of “Low” severity vulnerabilities |
| {Findings_Vuln_Table} | Table with all vulnerabilities (finding name + severity) |
| {Findings_Vuln_Status_Table} | Table with vulnerabilities and status (finding name + status) |
| {Findings_Vuln_DetailsList} | List of all vulnerabilities with details (non-empty fields) |
| {Findings_Obs_Table} | Table with all observations |
| {Findings_Obs_DetailsList} | List of all observations with details (non-empty fields) |
| {Findings_L-<label>_Table} | table with all findings containing label <label> |
| {Findings_L-<label>_DetailsList} | Detailed list of all findings containing label <label> |
| {ComplianceNorm_Table} | Compliance norm table with all controls and related findings |
| {ComplianceNorm_Name} | Compliance norm name |
| {Scope_AssignmentObjectives} | Client assignment objectives |
| {Scope_Methodology} | Project methodology |
| {Scope_Assets_Count} | Count of project assets |
| {Scope_Assets_List} | List of project assets |
| {Findings_Nonconf_Table} | Table with all non-conformities |
| {Findings_Nonconf_DetailsList} | List of all non-conformities with details (non-empty fields) |
Eventually, the goal is to reduce the amount of manual work per pentest report. Because, the less you have to rewrite and copy-paste, the faster and easier your reports become.
To see more, schedule a demo and we’ll show you how it works in our demo environment.
