"A Repository of Common Penetration Testing Weaknesses"
Marisa Midler and Samantha Chaves, penetration testers with the Carnegie Mellon Software Engineering Institute's (SEI) Computer Emergency Response Team (CERT), have introduced a repository of penetration testing findings that is now publicly accessible on GitHub. The findings refer to the vulnerabilities and weaknesses discovered during a penetration test. The penetration testing findings repository is a collection of Active Directory, phishing, mobile technology, system, service, web application, and wireless technology weaknesses uncovered during a penetration test. For each finding, the repository includes default names, descriptions, remediation recommendations, references, mappings to multiple frameworks, and severity ratings. Standardization, streamlined reporting, comprehensiveness, and ease of navigation are the key goals of this repository and its structure. This article continues to discuss the repository of penetration testing findings.