6. Reporting

The final phase of the pentest methodology is the reporting phase.

This is one of the most important phases, where you will outline everything that you found. The reporting phase often includes the following:

  1. The Finding(s) or Vulnerabilities

  2. The criticality of the finding

  3. A description or brief overview of how the finding was discovered

  4. Remediation recommendations to resolve the finding

The amount of reporting documentation varies widely with the type of engagement that the pentester is involved in. A findings report generally takes one of three formats:

  • Vulnerability scan results (a simple listing of vulnerabilities)

  • Findings summary (list of the findings as outlined above)

  • Full formal report

A full formal report sample can be found here: https://github.com/hmaverickadams/TCM-Security-Sample-Pentest-Report
