MPT: Pentest In Action

Date

August 25, 2022

Time

17:30

Track

CommSec Track

Security penetration testing is more than necessary. Most, if not all, organisations either have their own in-house penetration testing team or use third-party pentesters. In any fast-paced organisation with multiple product lines and development planning timelines, it becomes challenging for security teams to efficiently manage all these pentest activities, effectively produce security assessment reports and track them.

In order to solve the above challenges, I have developed a solution called ‘Managing Pentest (MPT: Pentest in Action)’.

MPT helps us solve various problems:

  1. Asset DB to know all organisation assets that are in pentest process. You can’t secure what you are not aware of!
  2. Tracking each pentest
  3. Pentesting activity knowledge, which comprises, let's say, what a particular application does or the purpose of the hardware that we are testing
  4. When the next pentester takes over the testing, all they have to do is view the asset and the associated information, which is already there.
  5. Time taken for each pentest
  6. Real time tracking of activity
  7. Issue status
  8. Common issues that are observed

MPT also has security pentest analytics, which not only helps us track and view everything in a single pane of glass but also helps with:

  1. Finding improvement areas to boost pen tester productivity
  2. Understand the current risk posture
  3. Understand recurring issues
  4. Average amount of time taken for each pentest vs asset size
  5. Average high/medium/low fixing time
  6. Most number of vulnerabilities fixed in a year
  7. Class of new vulnerabilities discovered
  8. Developer trends
  9. Open findings
  10. Critical assessments
  11. Asset health
  12. Top pentester reported findings
  13. Average busy time for each pentester

NOTE: This tool will be released at #HITB2022SIN

Speakers

Staff Product Security Engineer

Harness

Jyoti Raval works as Staff Product Security Engineer at Harness. She is responsible for securing the product end-to-end and is involved in various phases of the security life cycle. She is the author of a phishing simulation assessment tool and has previously presented at Defcon, BlackHat, Nullcon and Infosec Girls. She also heads the OWASP Pune chapter.
