The pentest report template is one of the most important aspects of automating and delivering reports. While many pentest management and report automation platforms use DocX templates, Cyver uses a customizable and modular Template Builder inside our platform. This gives you full control over the report, branding, and modification pre and post pentest report generation.
If you’re using Cyver’s platform, including uploading and managing pentests, the template will allow you to generate a complete pentest report with one click. Setting that up means using the tool, importing data, and designing the template around the data and information relevant to the client.
Fully Customizable Report Template
Cyver offers a basic pentest report template you can use as a baseline. You can also build your own from the ground up by starting a new template.
Here, you can:
- Add and remove sections. Name sections whatever you’d like. Cyver offers basic sections like “Executive Summary”, “Methodology”, and “Finding Details”. You can add whatever you’d like, customize the text, and then re-use it across other pentest report templates (or not).
- Customize and brand every section with CSS. Cyver also uses HTML tags so you can customize the look and feel of each section. You get full control over colors, font, text size, and branding.
- Use markup to format text and content delivery.
- Link methodology and compliance controls
- Add Tokens to auto-import data from the tooling.
You can start with our default pentest report template and modify it to meet your needs, build your own, or use a combination of both. Most of our users eventually create new pentest report templates for each client, with some additional customization per type of Pentest.
Full Control of Pentest Data
Cyver’s report templates link existing project data into reports. This means data is uploaded separately from the report process.
Importing Findings – Cyver supports popular tools like Burp Suite, Nessus, NMap, and more. Simply import findings as they’re available to add to the Findings Library. Here, Findings import to tickets, which you can immediately publish to clients. This means all Findings are in one place. When you go to generate the report, data is already in the system, with no need to search for files, look through documents, or find specific Findings from reports.
Popular Tooling – Cyver supports most popular tooling. Findings are imported via XML or CSV, meaning you can use auto-generated reports from Nessus, use a JasperReport to compile custom scripting into a single file, or otherwise upload single or parsed findings.
Project Management – Cyver is a pentest management platform. You can plan, schedule, and build pentest projects inside the platform for full visibility and oversight of not only current pentests, but also the full pipeline. Once you do, Cyver’s Tokens automatically import that data to the Pentest report, so every newly generated report automatically includes client and project data including assets, methodology, etc.
Reusable Writeups – Cyver uses templates and libraries to manage and re-use data. This means pentest, finding, and pentest report writeups are always available and reusable. If you’re pentesting for the same client, you can simply reuse old vulnerability writeups instead of making them again. Pentest report templates can be customized per client and per project type and then linked to that client and re-used again on future projects.
Compliance Controls – Cyver offers out-of-the-box compliance frameworks for popular controls like OWASP 10, ISO 27001, etc. Here, you can map findings to those controls in the report to deliver pentest reports for audits and compliance needs. Clients can view this data at any time in threat dashboards, showing vulnerability and severity of vulnerabilities by asset. This allows you to add value to the client, and to meet the needs of compliance-specific pentests, without investing more time into the report.
Generate Meaningful Pentest Reports
Cyver’s approach to automated pentest reporting means you get a fully modular pentest report template, the ability to link in existing work data, and tools to map findings to vulnerability scales, compliance controls, and to client assets. Once you set up the report template, upload data to the pentest project, and onboard clients, you can generate meaningful pentest reports with a single click.
Want to learn more? Visit our Automated Pentest Reports page to see the full feature list.