Are You A PenTexter? Open-Sourcing Pentest Reporting and Automation. presented at BSidesLasVegas 2016

by Melanie Rieback, Peter Mosmans,

Summary : This talk will announce a new OWASP project: PenText, a fully open-sourced XML-based pentest document automation system. The PenText system is a document automation framework that supports the entire pentesting lifecycle: from the initial inquiry, through pentest scoping, quotations, pentesting, and reporting, through the final invoice.
During this talk, we will demonstrate the OWASP PenText system live, in the context of our larger Pentesting ChatOps infrastructure (RocketChat, Hubot, and Gitlab). We will describe the basics of how the OWASP PenText system is architected (XML, XSLT, XSL-FO), and show how the system can be used to manage the entire lifecycle of pentesting data, including the automatic generation of documentation at various points in the process (including quotations, pentest reports, and invoices).
The OWASP PenText system was built and tested by the globally-distributed team at Radically Open Security. This system is at the heart of our own pentesting workflow, and we feel passionately that this 100% free and open-sourced framework will also be useful to your organization.