Use The Same Workflow Tools As Our Pen Testers
Test Manager was inspired by an enterprise customer who wanted something more than traditional penetration testing companies delivered. The Security Manager wanted to understand:
What tests were actually performed and the result for each test.
View our team's progress during engagements as we tested a number of applications.
A way to manage a vulnerability's life cycle, from validated to closed, outside development's defect management tool.
Trend and report on issue meta data like Attack and Vulnerability Groups.
Immediately produce reports as critical issues were found.
Not all customers need this level of visibility. However Test Manager surprised our assessment team as we developed the workflow:
Assessors found it easier to collaborate during the engagement.
Cross-training and educating other assessors became easier with test and vulnerability data readily available.
Assessors didn't realize how much they hated report writing (OK, they already knew that).
The above experience helps differentiate Caliber Security Partners from other security companies. We're also proud to offer Test Manager to customers with internal pen test teams.
Assessment Manager is now Test Manager!
Test Templates & Test Reporting
Test Manager stores templates of tests that can be applied to target applications. The following example utilizes the OWASP Application Security Verification Standard (ASVS). Tests can be filtered or downloaded for reporting as needed. When a test fails, a finding template can be automatically created.
New findings can be completed from templates ensuring consistency across the assessment team. Test Manager includes a number of pre-formatted elements to enhance reporting e.g. screenshots, code excerpts.
Reports can be refined by selecting which elements and findings to include. The report also includes pre-built visuals, formatting e.g. logos, tables, and static content e.g. risk rating definitions.
Please contact us to trial Test Manager within your internal assessment team.
Due to the narrow focus of Test Manager, it is not included in the automated GRC Select trial. Test Manager, and its companion Performance Dashboard, are available for Enterprise Edition subscribers.