Generating manual reports
Let's now discuss how to create a penetration test report and learn what needs to be included, where it should be included, what should be added/removed, how to format the report, the use of graphs, and more. Many people, such as managers, administrators, and top executives, will read the report of a penetration test. Therefore, the findings must be well organized so that the correct message is conveyed and understood by the target audience.
The format of the report
A good penetration test report can be broken down into the following format:
- Page design
- Document control:
Cover page
Document properties
- List of the report content:
Table of contents
List of illustrations
- Executive/high-level summary:
The scope of the penetration test
Severity information
Objectives and assumptions
Summary of vulnerabilities
Vulnerability distribution chart
Summary of recommendations
- Methodology/technical report:
Test details
List of vulnerabilities...