Net-Square's NSTAR is a flexible report management tool. NSTAR comes fully equipped with various reporting templates which follow standard reporting controls like NS-ASC/OWASP/ PCI-DSS and any other format. In other words, NSTAR is a complete application testing management platform which is designed to support a highly mature information security testing programme.
- - Master management for controls
- - Scope, Groups, Control details
- - Define clients, and assign a client ID
- - Each project is a target for testing – app/network/system, etc.
- - Project properties to be defined here.
- - Threat weights assigned to controls.
- - Threat weights assigned to positioning of target.
- - A project may have multiple tests. A test implies a single instance of testing for that particular project.
- - Collection of findings per test.
- - One control per finding.
- - Users and administrators of the application.
- - Report for a single test.
- - Trend views, per project / per client.
Import / Export
Flexibility and Extensibility : NSTAR can adapt to various standards, controls and even scoring methodologies. It can also scale-up for updated methodology and multi-lingual data support.
Collaboration : NSTAR comes with Data Management – Organize and share data amongst teams, "IntelliSuggest" – recommendations with consistent terminology and phrases.
1-Click Reports : Template driven fully customizable reports containing everything from executive summary to detailed findings required by infosec teams and finally the remediations which can be carried out by vendors.
Quantifiable : NSTAR helps you to quantify the data and make it actionable. It has adopted a plug and play scoring model with the capability to score in CVSS/STRIDE/etc which makes it consistent across applications. It is now possible to assign value to both technical and business impacts of the findings making them more logical and reasonable. With quantification, now you can also get Application Security Posture trends for simplified and accurate view of the security cycle of the applications.