Software Engineering Institute

In this podcast, Marisa Midler and Samantha Chaves talk with Suzanne Miller about an open-source penetration testing findings repository that they created. The repository is a source of information for active directory, phishing, mobile technology, systems and services, web applications, and mobile-technology and wireless-technology weaknesses that could be discovered during a penetration test. The repository is intended to help assessors provide reports to organizations using standardized language and standardized names for findings, and to save assessors time on report generation by having descriptions, standard remediations, and other resources available in the repository for their use. The repository is currently an open-source document hosted on the Cybersecurity and Infrastructure Agency (CISA) GitHub website at https://github.com/cisagov/pen-testing-findings.