A Penetration Testing Findings Repository
Software Engineering Institute
In this podcast, Marisa Midler and Samantha Chaves talk with Suzanne Miller about an open-source penetration testing findings repository that they created. The repository is a source of information for Active Directory, phishing, mobile technology, systems and services, web applications, and wireless-technology weaknesses that could be discovered during a penetration test. The repository is intended to help assessors provide reports to organizations using standardized language and standardized names for findings, and to save assessors time on report generation by making descriptions, standard remediations, and other resources available in the repository for their use. The repository is currently an open-source document hosted on the Cybersecurity and Infrastructure Security Agency (CISA) GitHub website at https://github.com/cisagov/pen-testing-findings.
About the Speaker
Samantha Chaves is an associate cybersecurity engineer on the Applied Network Defense team in the SEI CERT Division. Chaves began working at the SEI four years ago on the CERT Platform Insight Team as an intern. Chaves received a bachelor’s degree in computer science and a master’s degree in cybersecurity …