Abstract

Security penetration testing is becoming as necessary and as usual a practice as software testing. Most, if not all, organisations either have their own penetration testing team or they utilise third-party pentesters.

Imagine any fast-paced organisation developing multiple product lines and planning to release each of them from time to time. It becomes challenging for the organisation’s security team to efficiently manage all of these pentest activities running and effectively produce security assessment reports and track them.

Because of such volume of work, the numbers of pentesters in organisations are increasing to keep up. Each pentester is doing multiple pentests. The next cycle of a previous pentest can get assigned to another pentester. Each pentesting cycle has issues and recurring issues. And above all, managing all these using Excel worksheets is nightmare.

A pentesting activity knowledge base is kind of must. A single-pane-of-glass view to all pentests running, and the issues identified, is a necessity for everyone involved in the security review cycle.

To solve these challenges, I have developed a solution called Managing Pentest (MPT): Pentest in Action.