The PTES breaks the documentation and report down into two sections; one section is for executive, high-level reporting, and the other is for technical reporting. Both sections are targeted for specific audiences and all data should be kept with utmost security and secrecy.
This section of the report should be used for those who are directly impacted by successful penetration results, and those in charge of the security plan within our target client. The PTES outlines the following information:
Background
Overall Posture
Risk Ranking
General Findings
Recommendation Summary
Strategic Roadmap
The Background should list the overall goals that the test is trying to achieve, usually put forth by the target client during the interview and initial agreement processes.
The Posture is mentioned as the "overall effectiveness of the test". This includes found vulnerabilities, which should be discussed at a very high, almost on technical level. An example would be to list that...