New Training: Pentest Reporting and Communications
In this 5-video skill, CBT Nuggets trainer Bob Salmans discusses the writing and handling of penetration testing reports once a penetration test has been completed. Watch this new CompTIA,Cyber Security training.
Watch the full course: CompTIA PenTest+
This training includes:
53 minutes of training
You’ll learn these topics in this skill:
Writing and Handling a Pentest Report
Reviewing an Example Pentest Report
Post-Report Delivery Activities
The Importance of Communicaitons
2 Important Factors Of Writing Penetration Test Reports
One of the most important steps of penetration testing is wrapping up the project and delivering the final report. That final report is absolutely critical to organizations. Though penetration tests might find security issues in a business, if that report doesn't have the proper information in it, a business can't use it to fix their security issues.
There are two key things to remember when writing penetration testing security reports.
First, remember your audience. Depending on the business, the person making decisions against your security report might be the CEO, the CFO, an IT director, or the sole proprietor of a small business. Make sure you use verbiage that your audience can understand.
Next, pay close attention to the summary of vulnerabilities section. The person running the IT department will likely pay the most attention to this page. Think of it as a resume but for the vulnerabilities found in a business. Keep it to one page and easy to scan through. Don't go into a lot of detail but make sure there is enough that the person reading your report understands what a vulnerability does and how severe it is.