Cyver Core is first and foremost a pentest management and collaboration platform. That means we deliver tooling to manage and streamline pentesting, across all aspects of project, client, and workflow management and automation. Our goal is to look for ways to create efficiencies and time-saving opportunities that allow pentesters to stop managing pentests and get back to pentesting. For that reason, Pentest reporting has always been a large part of what we do.
At the same time, Cyver Core is hard at work trying to meet the needs of our clients and our users. Initially when we started with pentest report automation, we focused on just that. Automation. Today, with feedback from our clients and our users, we offer a more customizable approach with a focus on generating reports based on highly customizable content. We call that approach narrative reporting. Narrative reporting is a more customizable way to automate pentest reporting so you stay in control, without spending the time to manually create your reports. Having that flexibility should also allow our clients to differentiate themselves on the market, by being able to quickly adapt to new client requirements, adjust pentest reports to match, and deliver exactly what the client asks for with a minimum of extra time and expense.
“When we started with streamlining reporting,” says Cyver CEO and founder Luis Abreu, “We really took what I would call the factory approach. You define a structure upfront with a static report and sections and then the platform fills in the blanks to generate that content. That approach meant that you could have 90% of the final report finished by clicking a button and then refine the final 10% yourself. That approach is still there, and, of course, it is one that many of our clients use especially for scans and assessments. So long as you put in the work on the findings and your findings library, the report just kind of builds itself”
“However, that approach doesn’t suit all of our clients,” adds Luis, “We noticed early on that a lot of our users were requesting more and more customizable report functions. Some of them wanted to export to Word. So, I started asking why. The answer is, of course, that our users often have very custom and specific reporting needs and that means they need the ability to create highly dynamic report templates that adapt to the specific pentest they’re running then.”
“If you have a red team assessment, you have to be able to add your specific steps and methodology. Those steps are going to be different every time you report because the assessment is always going to be different. We needed dynamic reporting content, and we needed to do it in a way that didn’t require our clients to rewrite content every time or worse to copy-paste into something like Word.”
Dynamic Pentest Reporting Structure
Cyver Core now offers more pentest reporting features than ever. One of those features is the ability to build a dynamic pentest narrative in your report, for full customization of the pentest report template and full customization of the final report.
What’s new:
With narrative reporting, we want to offer the freedom and flexibility to create narratives on the fly by adding new sections, text blocks, etc., but also to ensure that you still benefit from consistent quality and reduce human error by reusing those narratives and text blocks from a library. That will also ensure you save time rather than rewriting that information every time.
Text Blocks – Create writeups for your clients, methodology, approach, asset type, or other specific approach. Save that content to the library. Make sure you use a good title and label so it’s searchable in the future. Then, add that text block to any report template while you’re editing it. Just click, preview, and click to add. It’s that easy.
Report Sections – You can build out full report sections in the same way. Unsure if you need a summary on a specific methodology? Write one up anyway and add it dynamically, with the click of a button. It’s in your report if you need it, complete with tokens to generate tables and pull data from your findings and clients.
Adjust Report Structure – You can also dynamically change the structure of your report. Move your sections around, add new ones, and add your write-ups and pre-canned content wherever you want. The report will adjust dynamically, so table of contents, chapter order, and other data is always correct.
Most importantly, just like with the vulnerability library, content is either dynamic or static. This means you can either create a clone/copy of your text block. It then goes into your report as a static element and will only update when you edit the report template itself. Alternatively, you can create a dynamic copy that updates whenever you update the master content block in the library. That gives you the freedom to maintain more reports and report sections with duplicate content, without worrying about maintenance.
Here’s how it works:
- Build your pentest report template
- Save pentest report sections individually to the content library
- Create reusable content blocks
- Make sure your vulnerability library is filled out so you can generate content
- Mix and match and add anything you want to your current report, as it’s needed
These new tools give you more creativity and customization with our existing pentest report generation tools. That means you can generate fully custom reports with sections, methodology, and descriptions defined by the pentest, without creating a unique report and without creating unique content.
“Cyver Core always put the focus on reducing automated work and ensuring consistency in pentest reporting. Now, we can leverage those same benefits, while offering the freedom to customize the report on the fly, so you can build exactly the pentest report you need without resorting to custom content.”
If you want to know more, contact us for a demo or a feature walkthrough if you’re already using Cyver Core.