In this section, we describe a typical format used to produce professional penetration testing reports.
Before writing the report, we must choose the look of the document; the fonts and the colors for the headings and the text, the margins, the header and footer content, and so on.
A report usually starts with a cover page that contains the report name and version, the date, the service provider, and the organization names. The service provider is the penetration tester or the penetration testing team. In the latter case, it is good practice to include the names of all the team members.
After the cover page, if the report is longer than a few pages, we should include a table of contents to list all the sections of the report with the page numbers.
The contents of the report can be grouped, as we have seen before, in two main sections: the executive summary and the technical report.