Writing a Professional Penetration Testing Report
As penetration testers, we can't escape writing penetration test reports, no matter how inexperienced or experienced we are. Each vulnerability should be properly classified, described, and should be friendly to any reader - tech and non-tech person. In this series I will share with you my knowledge about how to write a professional report. Part 1: Report sections Let's take a look at this graphic: The biggest chunk of the report should always be the Technical details where the vulnerabilities are described. The order of the summary, RoE, list of findings and technical details can be flexible, as long as it's rational. Title page should consist of: Name/Logo of company doing the test Name/Logo of the Client Test period Version/ID of the report Confidentiality level Optional: any disclaimer to the confidentiality classification Optional: personal names of the testers Optional: screenshot of the test subject Let's not merge Title page with Table of contents, okay? Gener...