Powered by

# PTaaS

The Pen Testing as a Service (PTaaS) module provides a central place to focus on all your PTaaS engagements, accessing their reports and associated findings and assets as well as adding tags and assigning findings to your internal teams for remediation.

PTaaS engagements
PTaaS engagements

See also:

# Understanding the NetSPI Platform's PTaaS module workflow

The NetSPI Platform platform is comprised of modules that provide distinct feature sets and workflows for vulnerability management and platform administration.

For the PTaaS (Pen Testing as a Service) module:

  • Data from third-party sources, such as scanners, are imported to the NetSPI Platform. This can be done automatically through API integrations or manually from flat files.

  • The NetSPI Platform parses, transforms, and correlates vulnerability data, updating existing NetSPI Platform entities or creating new ones as needed.

  • Finding and asset data becomes available in the NetSPI Platform interface.

    • Unverified findings are managed and reviewed by NetSPI Agents.
    • Verified findings are managed and reviewed in the NetSPI Platform. Verified findings assume no false positives are present.

# NetSPI Agent process

Agents, or penetration testers, review unverified findings. If a finding is determined to exist as reported by the scanner, the reviewing pen tester marks the finding as final and ready for publishing. Pen testers can also manually create findings, such as findings found during manual penetration testing. Verified, final findings are published to the PTaaS module and are also viewable from the top navigation Findings menu.

# Client PTaaS module workflow

Vulnerability managers use the PTaaS module to assign verified findings to remediators, such as developers or system administrators. When a vulnerability is addressed at the source, the remediator marks the finding as remediated.

The NetSPI Platform's built-in reporting system can generate PDF and HTML reports that can be viewed or downloaded through the Platform and shared with team members and key stakeholders.

Client Admin users (those with Admin role privileges to the NetSPI Platform) can access Admin configurations on their Settings page.

# Integration with third-party products

The NetSPI Platform supports importing data from many third-party products and tools, either through flat file import or direct API integration.

Product API Integration File Import
Atlassian Jira X
Checkmarx CxSAST X X
Contrast Security X X
IBM Security AppScan Enterprise X X
IBM Security AppScan Source X
IBM Security AppScan Standard X
McAfee Vulnerability Manager X
Micro Focus Fortify on Demand X X
Micro Focus Fortify Software Security Center X X
Micro Focus Fortify WebInspect X X
Nmap X
Nessus Vulnerability Scanner X
OWASP Dependency Check X
PortSwigger Burp Suite X
Qualys Cloud Platform X X
Rapid7 AppSpider X X
Rapid7 Nexpose X X
ServiceNow CMDB X X
Slack X*
Sonatype Nexus X X
Tenable Security Center X
Veracode Web Application Scanning X X
WhiteHat Security X X
  • Integrate with Slack to post NetSPI Platform findings to a Slack channel. For information on configuring this integration, contact NetSPI Support.

© Copyright 2025. All rights reserved.