Read the book Web Penetration Testing - Radhi Shatob - Page 17
Reporting phase
The report is the “tangible” output of the penetration test. A pen-test report typically consists of the following sections:
Introduction: Summary, purpose, scope, duration of the test.
Management summary: Summary of the test results, with a summary of the security state of the organization and whether or not the pen tester succeeded in gaining access.
Findings section: Lists all the vulnerabilities found during the pen-test. Since the findings are the most important section of the report, the following details should be given about each finding:
Short name of the vulnerability.
Severity level (urgent, critical, high, medium, low, information disclosure).
List of vulnerable assets.
Detailed explanation of the vulnerability.
Brief summary of how the vulnerability was identified.
References about the vulnerability.
Recommendation section: Includes how the owner can harden the system.