In this section, I will share a report template that you can use after finishing a penetration test (either a Web Intrusion Test or a Network Penetration Test).
The Cover Page:
[Company Name] – [Project Name] – Security Tests Report
Table of Contents:
History Log ........................................ [Page Number]
Summary ............................................ [Page Number]
[Vulnerability Name] ............................... [Page Number]
    Summary ........................................ [Page Number]
    CVSS Score ..................................... [Page Number]
    Issue Description .............................. [Page Number]
    Issue Remediation .............................. [Page Number]
    Proof .......................................... [Page Number]
History Log:
Version | Date | Modified by | Short Description |
Version # | [Today's Date] | [Your Name] | |
Summary:
The following table shows the number of issues identified in different categories. Issues are classified as critical, high, medium, or low, according to their severity, using the CVSS v3 methodology. This reflects the likely impact of each issue for [COMPANY NAME]:
Severity | Vulnerability Description | Occurrences |
Critical/High/Medium/Low | Flaw Name (for example, Reflected XSS) | 1 to Infinity |
[Vulnerability Name] (You will repeat this section for all of the findings during the pen tests.)
Summary:
Severity: | Critical/High/Medium/Low |
Confidence: | Certain/Tentative |
Host/URL: | Target IP address/URL |
CVSS Score:
Issue description:
[Here, you need to specify a description of the vulnerability.]
Issue remediation:
[People need to know how to fix the vulnerabilities. In this section, you will add all necessary information, including the technical details for remediation.]
Proof:
[In this section, you need to add all of the proof gathered from your pen tests; for example, screenshots, exploit source code, requests/responses from web intrusion tests—you get the idea.]