Wrapping up and generating manual reports
Let us now discuss how to create a penetration test report and see what is to be included, where it should be included, what should be added or removed, how to format the report, the usage of graphs, and so on. Many people, such as managers, administrators, and top executives, will read the report of a penetration test. Therefore, it's necessary for the findings to be well organized so that the correct message is conveyed to those involved and is understood by the target audience.
The format of the report
A good penetration testing report can be broken down into the following elements:
- Page design
- Document control
- Cover page
- Document properties
- List of the report's contents
- Table of contents
- List of illustrations
- Executive/high-level summary
- Scope of the penetration test
- Severity information
- Objectives
- Assumptions
- Summary of vulnerabilities
- Vulnerability distribution chart
- Summary of recommendations
- Methodology/technical report
- Test details
- List of vulnerabilities
- Likelihood...
