The binsec GmbH relies on PTDoc® for its penetration tests – a specialized tool for structured penetration testing and professional report generation. PTDoc was developed by binsec systems GmbH.
The idea for PTDoc emerged during the growth of the binsec team: How can quality remain consistently high when individual penetration testers have different personal focus areas? And how can we ensure that the outcome of a test is always identical – regardless of which senior penetration tester carries it out?
Before PTDoc, binsec faced the typical challenge: Should reports be written in Word or created with LaTeX? Initially, the decision was made for LaTeX, which produced technically clean but rather “typical” LaTeX documents in terms of design. With PTDoc, this changed fundamentally – today, it delivers professionally designed reports that are still powered by extensive LaTeX code in the background but managed through a user-friendly interface.
The core idea of the tool is to provide a uniform and standardized methodology for different targets – such as Active Directory, mobile applications (e.g., Android apps), or networks. The binsec team continuously maintains and extends this methodology, integrating well-established standards such as the OWASP Testing Guide, MASVS, and OSSTMM. This ensures consistently high quality and the exact repeatability of penetration tests.
In recent years, it has become clear that this structured approach regularly reveals vulnerabilities that were missed in previous tests. One client even stated that they no longer consider earlier assessments from other providers to have been “real” penetration tests.
PTDoc covers all three phases of pentest documentation:
- Execution of the test – systematically working through the defined methodology.
- Creation of findings – including management-level descriptions, detailed technical analysis, risk ratings (qualitatively via traffic-light system or quantitatively via CVSS), and management of screenshots and evidence.
- Report generation – automated creation of a consistent, audit-proof report.
Retesting is also integrated: Once a tester verifies that a client has fixed a vulnerability, they simply document the proof of fix in the finding. When rebuilding the report, the issue is automatically marked as remediated, and the management summary is updated accordingly.
In addition, PTDoc supports the creation of both German and English reports, making it easy to provide clients with deliverables in either language – or even in both.
Conclusion: With PTDoc, penetration testers can fully focus on their actual work – conducting the test. At the same time, report creation becomes quick and efficient, ensuring that clients receive their results shortly after the test is completed.
