13 hours 9 minutes
Hello and welcome to another penetration. Testing, execution Standard
discussion. Today we're going to briefly look at the reporting structure,
and our objectives for this discussion are to discuss reporting intentions and discuss reporting. Resource is so let's jump right in.
So the intentions of the report The report should convey all the criteria laid out in the scope of the penetration test and the given results, and you should be able to answer these questions. Did we achieved what we set out to achieve? Did we achieve our goals? Did we reduce risk? What are the risks?
What are the what were the results? How do we mitigate the risks? And so you should be looking, too, with all the information that you provide,
the ability to answer those core questions and ultimately see if you achieved your goals and which you set out to do in the test.
While we will define a basic report layout,
it's definitely encouraged that you use a method that fits your organization and its needs. Now
here, just a few reporting resource is that you can google and look up so offensive security provides a sample penetration testing report. You can go to their site, and they give you an idea of how they lay out their report. Some evidence that they provide recommendations, feedback things that nature T B G Security has a simple sample penetration test report,
and then the Sands reading room actually has writing a penetration test report white paper. So
if you really want to get involved in how our penetration test report should be laid out, what, it should contain different formats and styles in which other organizations, right? Penetration, testing reports. If you don't have a lot of experience in report writing,
I definitely recommend that you go out, you find some sample reports. Maybe you find a few old reports on the Internet that someone put out there.
Give it a read to see what you like about him, see what you don't. We're going to give you some areas within the technical report, as well as the executive summary that could maybe help you in that process of building out. You were reporting template,
and you definitely want to make sure to remember
that you can set up a reporting template and have a standard framework in which you put all the information into,
but never, never, never, never, never reuse
another client's report
to make either a sample report for sales or something of that nature, because if you accidentally exposed information
by using another client's report is a template
that can not only be very embarrassing, but it could be damaging for both you and the client,
depending on the audience. You know, the folks that are receiving that report. So with that in mind, we discussed reporting intentions and we discussed some reporting. Resource is and things that you can look into. So I want to thank you for your time today, and I look forward to seeing you again Sin.