The following guide outlines the steps to quickly onboard new users to production.
Before downloading and using a template, it is highly recommended to read the Using Templates Overview page for orientation.
Step 1: Download the OWASP template below that matches the desired report use case:
Web Application OWASP Report Template
Mobile Application OWASP Report Template
Step 2: Upload the downloaded single-scope Template into PlexTrac.
Reference the Using Templates Overview page for instructions on associating the export template correctly.
Step 3: Attach the single-scope template to a report.
Within the report, navigate to the Details tab. In the "Report Template" field, select the template created in Step 2 and click Save.
Step 4: Add the custom fields leveraged by the export template. Predefined custom fields are included in single-scope templates.
On the Details tab of the report, click Add Custom Field at the bottom of the page and create the following 'Report Custom Field' labels:
Author 1
Author 1 Title
Author 1 Email
Company 1 Name
Company 1 Address
Once completed, click Save.
Step 4 can also be completed when creating the Report Template.
Reference the 'Using Templates Overview' page for more information.
Step 4 can also be extended to a Secondary Author.
Reference the 'Version Control' page for more information.
Step 5: Add findings and tag each one with its associated OWASP Top 10 risk.
The following Findings Tags (detailed below) will allow Findings within the exported Report to display correct information within certain sections of your Report. These Tags will only function appropriately within their respective scoped report.
Web Application OWASP Top 10 Tags (highlighted in yellow)
a03 - A03:2021 - Injection
Mobile Application OWASP Top 10 Tags (highlighted in yellow)
Step 6: Export the report.
Any narratives, findings, and affected assets expected in the report must be added before export.
To access additional pre-built customization options, please proceed to the following pages.
Color codes are applied to table headings and text to provide clear and immediate insights. Table headings can be color-coded to aid readers in prioritizing information. Severity levels are emphasized through text color codes, where "High" may appear in red, "Medium" in orange, and "Low" in blue. These color cues enable efficient data interpretation and decision-making in security-related contexts.
Step 1: Open the OWASP template.
Step 2: Go to the "COLOR CODES" section of the setup code.
Step 3: Insert the new desired hexadecimal color code into the highlighted area of the value to change and save the document.
Do not include the hash symbol.
The legacy highlighted colors used for visual context will not match the new color code entered in Step 3 unless updated manually in the Word document.
The Cover Page option defines the format for the cover page. Users can replace cover art and branding with any option and include additional static content, such as a disclosure statement.
References for additional Report Custom Fields beyond what is presented in the default options can be added.
Don't forget to replace the placeholder text with the organization’s name and address.
Step 1: Open the OWASP template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the nn.cover_page_option line. The number listed represents the option that will be leveraged. Modify the value to match the desired option (information on the different options is listed below).
The Strict Narratives option allows users to choose between utilizing predetermined narratives within the report or selecting any custom narrative they prefer.
Step 1: Open the OWASP template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the bb.strict_narratives line. The value listed determines the presentation of narratives within the report. The default value is "true." Modify the value as desired.
If bb.strict_narratives is set to true, the report will expect the narratives to be present and populated. The structure of the expected narratives is based on the recommendations made by the OWASP Organization.
Disclaimer
The Team
Methodology
Timeline
Scope
Limitations
Summary of Findings
These narratives will be displayed in the order above.
If bb.strict_narratives is set to false, the report will display any narrative in the report in the order entered.
The only narrative it won't show in order is a narrative with "Appendix" in the title. In that scenario, the narrative will appear at the bottom of the report.
The Display Version Control option allows users to choose between....
Step 1: Open the OWASP template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the nn.display_version_control_option line. The value listed determines the different pre-built Version Control tables made within the template. The default value is "1". There will be a total of 2 options available. Modify the value with "1" or "2" as desired.
If nn.display_version_control_option is set to 1, the report will generate and display the pre-built option of having a single 'Primary' column presented in the "PROJECT CONTACTS & DOCUMENT HISTORY" section of the expected report.
This option will function solely with the following Report Custom Fields:
Author 1
Author 1 Title
Author 1 Phone
Author 1 Email
If nn.display_version_control_option is set to 2, the report will generate and display the pre-built option of having a "Primary" column and a "Secondary" column presented in the "PROJECT CONTACTS & DOCUMENT HISTORY" section of the expected report.
This option will function with the following Report Custom Fields:
Author 1
Author 1 Title
Author 1 Phone
Author 1 Email
Author 2
Author 2 Title
Author 2 Phone
Author 2 Email
Please Note: The "Report Version History" table must be updated manually for any version beyond the "Initial Report" version.
This option allows users to choose between multiple presentations of a table that displays the overall findings count by severity.
Step 1: Open the multi-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the nn.display_findings_count line. The number listed represents the option that will be leveraged. Modify the value as desired.
The Summary Table option allows users to choose between multiple table presentations of findings.
Step 1: Open the OWASP template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the nn.summary_table_option line. The number listed represents the option that will be leveraged. Modify the value as desired.
If bb.strict_narratives is set to "true," but the fields above are not in the report, the following error message will appear in the export report:
This custom field must be added to a layout template to ensure it is being populated. Visit the for information on setting up and associating a finding layout template.
This option allows for omitting any findings with a severity rating of "Informational." The default value is "true."
Step 1: Open the OWASP template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the bb.display_informationals line. The value listed determines if the findings will be displayed or not. Modify as desired.
If set to true, all findings with a severity rating of "Informational" will appear in the report.
If set to false, all findings with a severity rating of "Informational" will be omitted from display throughout the exported document, not tabulated in the count of findings table (called with display_findings_count), and omitted from display in the Finding Summary Tables and Detailed Findings.
This option allows for omitting any raw evidence in the report. The default value is "false."
Step 1: Open the OWASP template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the bb.include_raw_evidence line. The value listed determines if the evidence will be displayed or not. Modify as desired.
Step 4: For raw evidence to appear in the report, it must be enabled both in the report settings and within the template. Navigate to the Details tab of the report, scroll to the bottom of the page, and toggle on "Include Raw Evidence on Export."
Enabling bb.include_raw_evidence will significantly increase the export time and length of the report.
The Finding Details option allows users to choose between multiple presentations of finding details information.
Step 1: Open the OWASP template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the nn.detailed_findings_option line. The number listed represents the option that will be leveraged. Modify the value as desired.
Step 4: Go to the bb.display_finding_status line. The default value will be set to true and will display whether the finding's status is "Open", "In Process", or "Closed". If the default value is changed to false, the finding status will not be displayed.
The Finding Status option lets users display each finding's status in the Finding Details section.
Step 1: Open the multi-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the nn.display_finding_status line. The default value is true, which will display a finding's status in the Finding Details section. Modify the value as desired.
This option inserts a page break between each finding presented in the Detailed Findings section of the report. The default value is false.
Step 1: Open the OWASP template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the bb.page_break_between_findings line. The value listed determines if the prefix will be displayed or not. Change the value to "true" to have page breaks inserted.
This option determines if the report displays the associated port number, protocol, service and version data for affected assets. The default value is "false."
Step 1: Open the OWASP template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the bb.dispay_port_data line. Change the value to "true" to display any associated port number, protocol, service and version data if available for affected assets.
If bb.dispay_port_data is set to true, the report displays any associated port number, protocol, service and version data for affected assets.
If bb.dispay_port_data is set to false, only the name of the affected asset(s) will be displayed in a comma-delimited list.
This option determines the number of lines inserted between each finding in the Detailed Findings Section of a report. The default value is 3.
This option is enabled only if bb.page_break_between_findings is set to "false."
Step 1: Open the OWASP template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the nn.newlines_between_findings line. Change the value to increase or decrease the lines inserted between each finding in the Detailed Findings Section.
The paragraph spacing is determined by the settings applied to the "Normal" style in Microsoft Word. Standard options for line spacing include single spacing (1.0), 1.5-line spacing (1.5), and double spacing (2.0). These settings can be adjusted in the "Paragraph" section of Word.
The following guide outlines the steps to quickly onboard new users to production.
Before downloading and using a template, it is highly recommended to read the Using Templates Overview page for orientation.
Step 1: Download the single-scope template below that matches the desired report use case:
The Single Scope (Generic) Template
Pentera Integration Template
Internal Penetration Report Template
External Penetration Report Template
Step 2: Upload the downloaded single-scope Template into PlexTrac.
Reference the Using Templates Overview page for instructions on associating the export template correctly.
Step 3: Attach the single-scope template to a report.
Within the report, navigate to the Details tab. In the "Report Template" field, select the template created in Step 2 and click Save.
Step 4: Add the custom fields leveraged by the export template. Predefined custom fields are included in single-scope templates.
On the Details tab of the report, click Add Custom Field at the bottom of the page and create the following 'Report Custom Field' labels:
Author
Author Title
Author Email
Company Name
Company Address
Once completed, click Save.
Step 4 can also be completed when creating the Report Template.
Reference the 'Using Templates Overview' page for more information.
Step 5: Export the report.
Any narratives, findings, and affected assets expected in the report must be added before export.
To access additional pre-built customization options, please proceed to the following pages.
OWASP templates are pre-built variations of the single-scope report export template that output a structure optimized for an OWASP report. One is for web applications and the other is for mobile applications.
OWASP reports enhance web application security by providing valuable insights, guidance, and resources to help organizations and developers protect their web applications from common threats and vulnerabilities. One of the key publications from OWASP is the "OWASP Top Ten," which documents the top ten most critical web application security risks.
Click the box to download the report export template.
Findings within the Web Application Report must be tagged with the following to accurately display OWASP risks identified on the exported report.
Available Finding Tags: a01, a02, a03, a04, a05, a06, a07, a08, a09, a10
Example: Findings tagged with 'a01' will associate a finding with 'A01: Broken Access Control' outlined in the OWASP Top 10 Web Application Security Risks list.
Click the box to download the report export template.
Findings within the Web Application Report must be tagged with the following to accurately display OWASP risks identified on the exported report.
Available Finding Tags: m01, m02, m03, m04, m05, m06, m07, m08, m09, m10
Example: Findings tagged with 'm01' will associate a finding with 'M01: Improper Credential Usage' outlined in the OWASP Top 10 Mobile Application Security Risks list.
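A pre-export check for the two requirements described on this page: each finding carries an OWASP tag from the report's own scope (a01-a10 or m01-m10), and the narratives expected when bb.strict_narratives is true are present. This is an added example, not part of the template or of PlexTrac; the finding dictionaries, the function names, the exact lowercase tag match and the case-insensitive narrative title match are assumptions made for illustration.

```python
import re

# Tag forms listed on the page: a01..a10 (web), m01..m10 (mobile).
OWASP_TAG = re.compile(r"^([am])(0[1-9]|10)$")
SCOPE_PREFIX = {"web": "a", "mobile": "m"}

# Narratives expected when bb.strict_narratives is true, in display order.
STRICT_NARRATIVES = ["Disclaimer", "The Team", "Methodology", "Timeline",
                     "Scope", "Limitations", "Summary of Findings"]


def check_finding_tags(findings, scope):
    """Return (title, problem) pairs for findings lacking a usable OWASP tag."""
    want = SCOPE_PREFIX[scope]
    problems = []
    for finding in findings:
        matches = [OWASP_TAG.match(tag) for tag in finding["tags"]]
        prefixes = {m.group(1) for m in matches if m}
        if not prefixes:
            problems.append((finding["title"], "no OWASP Top 10 tag"))
        elif prefixes != {want}:
            problems.append((finding["title"],
                             f"tag from the other scope, expected {want}01-{want}10"))
    return problems


def missing_narratives(titles, strict=True):
    """List expected narratives absent from the report (none when strict is off)."""
    if not strict:
        return []
    present = {t.strip().lower() for t in titles}
    return [n for n in STRICT_NARRATIVES if n.lower() not in present]


# Constructed sample data; the dict layout is hypothetical, not a PlexTrac format.
SAMPLE_FINDINGS = [
    {"title": "SQL injection in login form", "tags": ["a03", "auth"]},
    {"title": "Hardcoded API key in app bundle", "tags": ["m01"]},
    {"title": "Verbose error pages", "tags": ["info"]},
]
SAMPLE_NARRATIVES = ["Disclaimer", "Methodology", "Scope", "Appendix A"]

if __name__ == "__main__":
    for title, problem in check_finding_tags(SAMPLE_FINDINGS, "web"):
        print(f"[tags] {title}: {problem}")
    for name in missing_narratives(SAMPLE_NARRATIVES):
        print(f"[narrative] missing: {name}")
```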
This template has options to configure the presentation of several topics. Click the link below for instructions on each topic.
Visit the Using Export Templates page for an overview of implementing the template when ready to export a report.
These are the included pre-built macros for the single-scope report export template. Click each expandable section for more information.