Penetration Testing by James Hayes, Nick Furneaux, Jims Marchang, Rob Ellis, Jason Charalambous, Moinuddin Zaki, Peter Taylor, Roderick Douglas, Felix Ryan, Ceri Charlton, Gemma Moore, Tylor Robinson, Sharif Gardner

Following any penetration test, you will generally receive a formal report from your penetration test provider. In this chapter, we will explore the role and purpose of a penetration test report, the type of content that will be included and how to use the report content most effectively within your business. A penetration test report, when well-written, will illuminate your technical risks, providing clarity around the business context of the vulnerabilities present with pragmatic advice to treat the risks. Understanding what you need from a penetration test report, and how to interpret report content, can greatly improve the efficacy of your technical assurance activities.

PURPOSE OF REPORTING ...