Recommending Mitigation Strategies
As you worked your way through the penetration test, you developed most of the material that you will need to include in your final report. However, one extremely important step remains before you can complete your documentation: recommending mitigation strategies.
Remember, the whole point of a penetration test is to discover weaknesses in an organization’s security posture so that they can be corrected. Penetration testers who successfully gain access to an organization’s computing environment understand the flaws they exploited in more detail than anyone else. This makes them uniquely suited to recommend ways to remediate those flaws. They simply need to ask themselves this: What controls would have prevented me from carrying out the activities that allowed me to gain access to this system?
Security professionals are often quick to jump to technological solutions, but penetration testers should consider the full range of potential remediations...