Summary

A well-documented report not only helps you communicate with stakeholders, but also demonstrates the value of security testing. A professional penetration testing report should include sections such as an executive summary, statement of scope, statement of methodology, test results, findings, mitigations, and tools used.

In this chapter, we have introduced three approaches to managing the testing results. First, a script can consolidate all the testing results: we demonstrated the use of RapidScan, a Python script that executes several security testing tools and presents the security findings in the console with color highlighting. Second, we introduced the document generator Serpico, which can help produce professional penetration testing documentation, including the summary, security findings, risk ratings, and mitigations. Finally, we used a report management service that imports all the XML testing results and presents the findings in one dashboard. We illustrated this with OWASP DefectDojo.
