Chapter 15: Writing Reports

A penetration test report is the tangible result provided upon completion of an assessment that documents both your findings and your work process. A penetration test report should provide clear, concise, and applicable information so that anyone can gain a security benefit from reading it.

If you are working on a bug bounty program, then you will need to write down your findings. Even when testing your own systems, you will find report writing to be extremely useful in furthering your own understanding of the entire penetration testing process. You will need to bring attention to vulnerabilities that you find, explain precisely what they mean, and provide advice on how to remedy them (or how to mitigate the associated risk, if remedial action is not an option). Furthermore, you will need to ensure that you understand your client's motivation for commissioning a test in the first place and understand their business goals.

In addition to providing technical details, you will need to show the impact that your findings may have financially, as well as on your client's brand and reputation. Writing the final report is an absolutely crucial part of penetration testing, and it is often overlooked by enthusiastic hackers. This is a skill that you must learn and excel at, since it is the only way that you are able to showcase your work and deliver to your client what they've paid you for.

What Is a Penetration Test Report?

A penetration test report ...
