Chapter 16. Reporting Your Results

In This Chapter

  • Bringing your test data together

  • Categorizing the vulnerabilities you discovered

  • Documenting and presenting the final results

If you're looking for a break after testing, now isn't the time to rest on your laurels. The reporting phase of your ethical hacking is one of the most critical pieces. The last thing you want to do is to run your tests, find security problems, and leave it at that. It's important to make sure that all your time and effort are put to good use by thoroughly analyzing and documenting what you find, so that security vulnerabilities are eliminated and your information is more secure as a result. This is an essential element of the ongoing vigilance that information security and information risk management require.

Ethical hacking reporting includes sifting through all your findings to determine which vulnerabilities need to be addressed and which ones don't really matter. It also includes briefing upper management or your client on the various security issues you found, as well as giving specific recommendations for making improvements. You share the information you gathered and give the other parties guidance on where to go from there. Reporting also shows that the time, effort, and money invested in the ethical hacking tests were put to good use.

Pulling the Results Together

When you have gobs of test data — from manual observations you documented to detailed reports generated by the various tools you used — ...

Get Hacking For Dummies®, 2nd Edition now with the O’Reilly learning platform.