The four stages of report writing
The reporting phase is often underestimated in its importance and considered as the boring, though necessary, part of a penetration test. Of course, the discovery and attack phases are the core and most exciting parts as it is when the penetration tester's technical skills are applied in practice. Penetration testers could be very skilled and might do an excellent job, but if they somehow fail to communicate their achievements to the customer effectively, their job is (at least in part) in vain.
Writing good reports is a required ability, almost an art, for penetration testers, and as for all the skills, can be improved through practice.
The process of writing a professional penetration test report comprises four stages:
Report planning
Information collection
Writing the first draft
Reviewing and finalization
Report planning
In the first stage, report planning, we define the objectives, the target audience and the contents of the report, as well as the estimated...
