In the ever-evolving software development world, security is also becoming fast-paced. Hence, each product going through the pentest cycle has to be managed effectively and efficiently. Managing multiple pentests and testers is important, and a single-pane-of-glass view of all of them, together with the risk posture, is helpful. Security penetration testing is becoming as necessary and as routine a practice as software testing. Most, if not all, organizations either have their own penetration testing team or use third-party pentesters.
Imagine any fast-paced organization developing multiple product lines and planning to release each of them from time to time. It becomes challenging for the organization's security team to efficiently manage all of the pentest activities that are running, and to effectively produce security assessment reports and track them. Because of this volume of work, the number of pentesters in organizations is increasing to keep up. Each pentester is doing multiple pentests. The next cycle of a previous pentest can get assigned to another pentester. Each pentesting cycle has issues and recurring issues. And above all, managing all of this using Excel worksheets is a nightmare. A pentesting activity knowledge base is something of a must. A single-pane-of-glass view of all running pentests, and of the issues identified, is a necessity for everyone involved in the security review cycle. To solve these challenges, I have developed a solution called Managing Pentest (MPT): Pentest in Action.
MPT helps us solve various problems:

- Asset DB to know all of the organization's assets that are in the pentest process. You can't secure what you are not aware of!
- Tracking each pentest
- Pentesting activity knowledge, which comprises, for example, what a particular application does or the purpose of the hardware that we are testing
- When the next pentester takes over the testing, all they have to do is view the asset and its associated information, which is already there
- Time taken for each pentest
- Real-time tracking of activity
- Issue status
- Common issues that are observed
Why MPT?

MPT also provides security pentest analytics, which help us not only track and view everything in a single pane of glass but also:

- Find improvement areas to boost pentester productivity
- Understand the current risk posture
- Understand recurring issues