Modernizing the Application Penetration Engagement and Reporting Lifecycle

Explore a comprehensive presentation that addresses the gap in resources for application security test reporting processes. Delve into the evolution of reporting systems within an offensive security consulting organization, from legacy approaches to modern implementations. Learn about key considerations such as efficiency, data analytics, error prevention, automation, and client-specific requirements. Discover the research methodology used to identify ideal report attributes through analysis of publicly available application penetration test reports. Understand the evaluation process for reporting platforms and the implementation of Microsoft 365 and Power platforms to manage the entire engagement lifecycle. This 41-minute OWASP Foundation talk provides valuable insights for security professionals looking to improve their application penetration testing engagement and reporting processes, highlighting both successes and ongoing challenges in modernizing these critical workflows.