For many pentesters, the work of investigation, hacking, and scanning sites is only part of the job of a pentest. Afterward, you still have to collate data into findings, share information from vulnerability libraries, and pull everything together into a pentest report. That can be time-consuming, from the first step of writing up vulnerability data to adding CVE and other scores and writing up descriptions of those vulnerabilities.
Of course, most of us already rely heavily on vulnerability libraries, and some of us even have extensive libraries in Word, Excel, or a cloud tool. Still, copy-pasting back and forth is error-prone and time-consuming. No one wants to do data entry.
That’s why Cyver Core offers automation that links findings to data, pentest templates, and vulnerability libraries, so you can skip many of those manual processes.
Magic Feature #1: Auto-fill
Every time you import a vulnerability finding into Cyver Core, you have to fill out details like CWE, CVE, criticality, and naming schemes. Cyver Core’s auto-fill feature automatically imports that data based on the title of the imported vulnerability. This means you generate tickets with details like reference links and scoring already in place. You can always check, edit, and adjust that auto-filled data before saving and publishing the finding to the client. With that baseline in place, though, you should save time compared with manually filling in every finding yourself.
How it works:
- Make sure the “Auto-fill” toggle is switched to “On” during finding import and Cyver Core will do the rest.
“Adding CVSS scores and criticality ratings doesn’t take much time per finding, but over the course of hundreds or even thousands of vulnerabilities per pentest, it can add up,” says Mike Terhaar, cofounder of Cyver and pentester with 25+ years of experience. “Auto-fill is a small feature that minimizes the small details of clicking and adding those numbers and that, even without considering time saved, reduces the hassle of putting together a pentest report. This is useful for every vulnerability finding you upload – unless it’s a finding that isn’t in the database yet.”
Magic Feature #2: Auto-merge
Every pentester has their own vulnerability libraries, and it’s important that you be able to use them in the tooling you use to build reports. If you’re using Cyver Core, your library should be in Cyver Core. Auto-merge lets you merge data from existing Findings into a new upload, based on the title of the finding. It functions just like your existing vulnerability library, except that data is migrated automatically during the finding import, with no copy-paste needed.
From there, all you have to do is check the details, add custom details for the client or project, and upload your proof of findings or process. Otherwise, your custom descriptions and finding details are all still there.
How it works:
- Create a Vulnerability Library. You can have a library per client, per language, per compliance framework, etc.
- Select the Vulnerability Library you’d like to pull from during project setup or by editing the project.
- Make sure the “Auto-merge” toggle is switched to “On” during Findings import and Cyver Core will do the rest.
“Auto-merge is really powerful because it gives you the opportunity to have your own custom library in Cyver Core, to deliver unique value to clients. Human-made descriptions are always better. It’s also really powerful if you want to merge to different languages, e.g., if you want to deliver pentests in French or German, you can merge libraries you’ve already translated and everything is there.”
Magic Feature #3: Auto-report
The pentest report is the final deliverable for many pentesters. While many organizations are increasingly shifting away from delivering “just” a report and are delivering tickets that developers can immediately use to remediate vulnerabilities, many organizations still rely on the report. At the same time, building a good report can take hours. Cyver Core automatically generates that report using a combination of Project Templates, Imported Findings, and Tokens to autofill data.
How it works:
- Set up the client in Cyver Core with all relevant details.
- Create a project template with relevant details like compliance frameworks and methodology.
- Import findings to the project, edit them, and publish.
- Click “Generate a report” to automatically generate a report with sections based on the project template, including client data, methodology, findings, and compliance data.
From there, you can review your pentest report, make changes, add custom descriptions and high-level summaries, make sure generated charts and graphics look good, and even invite collaborators to review the document before you publish it to the client.
“PDF reports are so important to pentesters, I often spend 20% or more of the total time of the pentest on the report. Cyver Core reduces that by 40-75% depending on the type of pentest and how much I have to customize executive summaries and details. That works out to hours per pentest, every pentest, while reducing copy-paste errors, ensuring formatting and layout are always the same, and generating graphics that would take me hours to do myself.”
Have you tried Cyver Core’s magic features? Whether you’re pentesting internally or externally, Cyver Core’s pentest management platform can save you time documenting, managing, and reporting on vulnerability findings. If you’d like to learn more, contact us for a free demo.