After gathering every single piece of your verified test results, you must combine them into a systematic and structured report before submitting them to the target stakeholder. There are three different types of report; each has its own schema and layout relevant to the interests of a business entity involved in the penetration testing project. The report types are as follows:
- Executive report
- Management report
- Technical report
These reports are prepared according to the level of understanding and ability of the recipient to grasp the information conveyed by the penetration tester. We will examine, in the following section, each report type and its reporting structure, with basic elements that may be necessary to accomplish your goal.
It is important to note that all of these reports should abide by non-disclosure policy, legal notices, and the penetration testing agreement, before being handed to the stakeholders.