Are You A PenTexter? Open-Sourcing Pentest Reporting and Automation.

BSidesLV 2016

Presented by: Peter Mosmans, Melanie Rieback
Date: Tuesday August 02, 2016
Time: 11:45 - 12:30
Location: Florentine A
Track: Breaking Ground

This talk will announce a new OWASP project: PenText, a fully open-sourced XML-based pentest document automation system. The PenText system is a document automation framework that supports the entire pentesting lifecycle: from the initial inquiry, through pentest scoping, quotations, pentesting, and reporting, through the final invoice.

During this talk, we will demonstrate the OWASP PenText system live, in the context of our larger Pentesting ChatOps infrastructure (RocketChat, Hubot, and Gitlab). We will describe the basics of how the OWASP PenText system is architected (XML, XSLT, XSL-FO), and show how the system can be used to manage the entire lifecycle of pentesting data, including the automatic generation of documentation at various points in the process (including quotations, pentest reports, and invoices).

The OWASP PenText system was built and tested by the globally-distributed team at Radically Open Security. This system is at the heart of our own pentesting workflow, and we feel passionately that this 100% free and open-sourced framework will also be useful to your organization.

Peter Mosmans

I currently lead a team of passionate, idealistic, and overall excellent pentesters around the globe at Radically Open Security. Being a builder first, I started in the nineties as a software engineer working on Internet banking applications for European financial institutions. Later on I started specializing in pentesting complex and feature-rich web applications. I'm a contributor to several open source security projects and maintain an extra-featured OpenSSL fork. Ethical security enthusiast.

Melanie Rieback

