Chapter 11
Reporting
IN THIS CHAPTER
Exploring parts of the report: From executive summary to the appendixes
Knowing what to include in the report — and what to leave out
Communicating your findings clearly and professionally
Staying on top of the risk register
When you conduct pen tests, you will likely expose at least some weaknesses and vulnerabilities. The next step then is to report on your findings. In this chapter, I show you how to create a professional report to deliver those findings.
The goal of reporting is to focus on what needs to be done, and you determine what needs to be done based on the project scope. Staying within that scope can be hard when you think of security holistically. Remaining vigilant and maintaining a high security posture requires applying defense in depth (the concept that, if you want to secure something, you consider all the ways it can be exploited and add layers of security accordingly). You don’t want to clutter your report, but at the same time, you need to be thorough and note any critical issues you find.
Get Penetration Testing For Dummies now with the O’Reilly learning platform.