Writing an Effective Penetration Testing Report: An Executive View

Hosted By
OWASP I. and 2 others

Details

Insecure software has threatened our financial, healthcare, defense, energy, and other critical infrastructure. As our digital infrastructure becomes more complex and interconnected, the difficulty of achieving application security increases exponentially. The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain applications that can be trusted. At OWASP, you will find free and open…
• Application security tools and standards
• Books on application security testing, secure code development, and security code review
• Security controls and standard libraries
• Local chapters worldwide
• Cutting-edge research
• Extensive conferences worldwide
• Mailing lists
• And much more … at www.owasp.org

This time, Mr. Semi Yulianto will discuss:

Writing an Effective Penetration Testing Report: An Executive View

Abstract:
A penetration test, or pentest, is a typical security assessment: the process of gaining access to specific information assets (e.g. computer systems, network infrastructure, or applications). A penetration test simulates an attack performed internally or externally by attackers who intend to find security weaknesses or vulnerabilities, and validates the potential impacts and risks should those vulnerabilities be exploited.

Security issues found through a penetration test are presented to the system owner, data owner or risk owner. An effective penetration test supports this information with an accurate assessment of the potential impacts to the organization and the range of technical and procedural safeguards that should be planned and executed to mitigate risks.

Many penetration testers are in fact very good technically, since they have the skills needed to perform all of the tests, but they lack a report-writing methodology and approach, which creates a very big gap in the penetration testing cycle. A penetration test is useless without something tangible to give to a client or senior management. Report writing is a crucial part of any service provider's work (e.g. IT service/advisory). A report should detail the outcome of the test and, if you are making recommendations, document the recommendations to secure any high-risk systems.

The target audience of a penetration testing report will vary: the technical report will be read by IT or other responsible information security staff, while the executive summary will definitely be read by senior management.
Writing an effective penetration testing report is an art that needs to be learned to make sure that the report delivers the right information to the targeted audience.
After reading the book, you will be able to: understand how to create a good and effective penetration testing report; understand the mechanism to provide effective deliverables; apply risk management knowledge & skills and blend them into your deliverables.

Short bio:

Semi Yulianto
BSc. (Accounting), M.IT (IT Security & Governance)
MCT, MCDBA, MCTS, MCITP, MCSA, MCSE, MCT, CCNP, CWNA, CEH, ECSA, CHFI, ECSP, EDRP, CND, CEI, SSCP, CISSP, CSSLP, CISA, CISM, Security+, CySA+, Pentest+, CASP+, OSSA, CASE Java
Co-Founder & CEO, Chief Hacking Officer (CHO) of PT. Systech Global Informasi (SGI Asia).
Information Security Consultant / Subject Matter Expert (SME) / Advisor at PT. Trinusa Travelindo (Traveloka.com) - until April 2019 and PT. Tiga Inti Utama (Triv.co.id) – Present.
Approved InfoSec/Cybersecurity Instructor (Saudi Aramco & US Military in South Korea).
Information Security/Cyber Security Practitioner, Consultant & Senior Technical Trainer.
Email: semi.yulianto2009 [at] gmail.com
LinkedIn: https://www.linkedin.com/in/semiyulianto

Venue:
Online via Zoom

Topic: Writing an Effective Penetration Testing Report: An Executive View - OWASP Jakarta

Time: Oct 4, 2021 07:00 PM Jakarta

Join Zoom Meeting
https://us06web.zoom.us/j/88185525258?pwd=VW5LWXRVbkNkZHhQeXNRVHVPc0ZqZz09

Meeting ID: 881 8552 5258
Passcode: owaspjkt21

Notes:
This event is free for everyone
The trainer's profile can be viewed in more detail on LinkedIn
This event is delivered in Indonesian
