Info : What you should know about PENETRATION Report Writing?
In any penetration test process, the report is the most critical part.
As a PenTester, writing a good report is key to successful penetration testing.
The following are the key factors to a good PenTest report :
- Your report should be simple, clear, and understandable.
- Presentation of the PenTest report. Headers, footers, appropriate fonts, well-spaced margins, etc., should be created/selected properly and with great care. For example, if you are using a red font for the heading, every heading in the document should be in that style.
- The PenTest report should be well organized.
- Check your Pentest report spelling and grammar. A misspelled word leaves a very negative impact upon the person who is reading your report. So, you should make sure that you proofread your report and perform spell-checks before submitting it to the client.
- Always make sure that you use a consistent voice and style in writing a report. Changing the voice would create confusion in the reader; so you should choose one voice and style and stick to it throughout your report.
- Make sure you spend time on eliminating false-positives (vulnerabilities that are actually not present), because false-negatives will always be there no matter what you do. Eliminating the false-positives would enhance the credibility of the report.
- Perform a detailed analysis of the vulnerability to find out its root cause.