Key Takeaways:


How much risk are teams managing?


Most common types of findings

  1. Broken Access Control: Insecure Direct Object References (IDOR)
  2. Cross-Site Scripting: Stored
  3. Components with Known Vulnerabilities: Outdated Software
  4. Broken Access Control: Username/Email Enumeration
  5. Cross-Site Scripting: Reflected


6 out of 10 see remediated issues reemerge at a later date


What reduces the effectiveness of prevention & remediation?

What are the biggest challenges when implementing DevSecOps?



How does security share pentest findings with the remediation team?



"Pentesting is on the one side a regulatory requirement, and a requirement by different stakeholders. But it's also a fundamental part of our secure SDLC."
Guido Reismüller
VP Information Security, Solaris Bank