juliocesarfort / public-pentesting-reports
A list of public penetration test reports published by several consulting firms and academic security groups.
https://oig.nasa.gov/docs/IG-19-022.pdf
Some great content in here!
Nice collection, thanks for putting this up!
Here are a couple more: https://cure53.de/#publications
Hello,
first of all, thank you for doing this, it's very useful for learning!
I noticed that these reports all have different goals; some of them are code auditing reports, some are pentest reports, others are APT reports...
That's why I would suggest organizing the documents into specific folders according to their audit type. I think it would be easier to browse rather than by security companies.
Proton VPN no-logs security audit - https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf
Simple Login (Proton) - WEB - https://simplelogin.io/audit2022/web.pdf
Simple Login (Proton) - Android - https://simplelogin.io/audit2022/android.pdf
Livecall.io - WEB - https://sekurak.pl/wp-content/uploads/2020/06/Livecall_web_20200306_public.pdf
ProteGO Safe (Polish gov COVID app) - lang PL - https://www.gov.pl/web/protegosafe/audyt-bezpieczenstwa--zobacz-raport
CANAL + - lang PL - https://sekurak.pl/zobacz-pelen-nieocenzurowany-raport-z-testow-penetracyjnych-canal/
https://paragonie.com/security - So far we've published 6 of our audit reports. (I'm not sure how well Github handles pull requests that contain PDF files, but I can send one if you prefer.)
@juliocesarfort Would you mind taking a look at the Illumio assessment report below and let me know if you think it qualifies to be added to the Bishop Fox folder?
https://know.bishopfox.com/hubfs/Bishop-Fox-Research-Report-Efficacy-of-micro-segmentation-V01.pdf
Let me know what you think, Thank you.
Virginie
Should new submitted PRs include a metadata txt file along with the PDF report? The number of reports has grown as others have realized its value. However, it's impossible to quickly identify mobile-related reports for example.
Metadata.txt:
Name: name.pdf
Security Company: Foo
In-Scope Company: Bar
Pentest Date: DD/MM/YYYY
In-Scope: Service A, Service B, ...
Language: Scala
Metadata: Mobile, Android, ...
Hi Julio,
good job.
It will help to have an index including the project names in the Readme.
Happy to give it a try if you agree
Regards
Jofre
Hi, I think if you separate the reports into categories like web app pentest report, network pentest report, etc., it will be better... Cuz most of the visitors are coming here to see more full black box penetration testing reports than app audits or blockchain blabla audits... They want full samples/examples of a real complete pentesting engagement... maybe I'm wrong...
Thank you.
This is bound to come up again, but there are already some instances of this with the Kudelski Security - X41 reports.
Some suggestions on how to tackle this would be: A defined naming convention for this (which company first? Alphabetical or as it appears on the report?), or possibly a folder that is titled Joint Reports that then has folders inside.
I don't understand why the project uses the report author's organization for subdirectories? Why not subjects?
Libraries/Crypto
MobileApps
Hardware/Net
Hardware/IoT
If I want to find reports by a certain consulting company I can just go to their website. The same cannot be said if I want to find reports about domestic robots. If you actually "curated" the reports and organized them by subject you would add real value.
Unsure if this technically counts as public, but I stumbled across it on a Google search for other public pentest reports:
From a quick look, it seems to just be the executive summary, without any specific finding details.