Let's now discuss how to create a penetration test report and see what is to be included, where it should be included, what should be added and what should be removed, how to format the report, the usage of graphs, and so on. The report of a penetration test is read by many people, such as manager, administrator, and top executives. So, its necessary for things to be organized well enough so that message that needs to be conveyed to the people by the report is correct and is understood by the target audience.
A good penetration testing report can be broken down in the following format:
Page design
Document control
Cover page
Document properties
List of report content
Table of content
List of illustrations
Executive summary
Scope of the penetration test
Severity information
Objectives
Assumptions made
Summary of vulnerabilities Vulnerability distribution chart
Summary of recommendations
Methodology / network admin level report
Test details
List of vulnerabilities...