Reporting

The final phase of a penetration test is reporting and delivering results. In this phase, an official document is created by the penetration tester outlining the following:

  • All vulnerabilities found on the targets
  • All risks, categorized on a scale of high, medium, and low, based on the Common Vulnerability Scoring System (CVSS) calculator
  • Recommended methods of remediation for vulnerabilities found

When writing your report, ensure that it can be understood by anyone who reads it, including non-technical audiences such as senior management and executive staff members. Managerial staff are not always technical, as they are more focused on ensuring that the organization's business goals and objectives are met.

The report should also contain the following:

  • Cover sheet
  • Executive summary
  • Summary of vulnerabilities
  • Test details
  • Tools used during testing (optional)
  • The original scope of work
  • The body of the report
  • Summary

Further information on penetration testing report writing can be found at https://resources.infosecinstitute.com/writing-penetration-testing-reports/.

Always remember that if you ask 10 different penetration testers how to write a report, they will all give different answers based on their experience and their employers. Be sure not to insert so many images or technical terms that the reader is confused. The report should be simple to read for anyone with a non-technical background.

In the following sections, we will outline the fundamentals of creating a penetration testing checklist.
