Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

Death to PDF!

SpiderLabs customers are frustrated with PDF reports:

  • You can't search them
  • You can't sort them
  • You can't assign pieces of them
  • You can't trend them

PenTest Manager, the reporting tool used by Trustwave SpiderLabs to manage, track and report results of penetration tests, was designed specifically to solve these issues. We realized that the way most consulting company's delivery reports just doesn't work.

This week, we pushed out a new set of reporting updates for Trustwave PenTest Manager which is now available for all customers. Why? Reporting enhancements are one of the most requested features we get from customers.

The major updates are:

  • Customized Methodologies - Within SpiderLabs, we understand that a standard, canned approach to risk assessments does not always work. Business risks differ across organizations; technologies change and evolve, and therefore require different tools, different techniques, and a fresh approach. We have enhanced our online reporting to now support customized test methodologies, so get your ATMs, SCADA systems, and arduino home automation systems ready for SpiderLabs deep technical security reviews.
  • Tag and Report on Specific Findings– Now you can add a personalized tag to a finding in the form of a keyword or term, and then generate reports based on your tagged findings. Group and report security findings by business unit, engineering group, geographical region, or any other way you want to slice the data. This tagging and filtering works at both a test level and a finding level to provide complete control to generate customized reports.
  • Overall CVSS Scoring – Since PenTest Manager is the only online reporting tool for consultant-led penetration testing, we are in a unique position to not only provide Base CVSS scores, but also provide temporal and environmental vulnerability information that accurately reflects the risk to a business through our hands–on testing approach. Automated tools have no way to understand and report the Overall CVSS score given the complexities of diverse technical environments and lifecycle of exploits…but we do!
  • Performance Enhancements – Nobody wants to wait for data to load or reports to generate, so we took significant steps to speed up the responsiveness of PenTest Manager by refactoring key areas for performance.