Pen test Project (Reporting & Communication)
Reporting
Need data
Presentation of data & summary
Keep track whilst test is live (screenshots, videos, etc.)
Use tools
Microsoft Excel
Makes it easier to read & analyse
Communication
Find recommendations
Make your points
Digest all activities and conclusions
Call to action
Steps to fix issues
Your voice after you leave
Know your audience
1 page summary
Management
Technical
Interest Level?
Concerns?
Questions you may need to answer
Why did you make the choices you made?
What did you find?
What did you do?
Findings affect conclusion?
Executive Summary
1 Page Max - High Level Summary
Targeted at Executives
Test Goals & General Findings
Methodology
Approach to overall test
Why you did what you did
Tools & Techniques
Why you didn't do any more
Findings & Remediation
Important findings
Ranked list
What you recommend to clients
Conclusion
Report to action
Post Report Activities
May include presenting the report
Clean up anything you find
Shells
Tester-created Credentials
Tools
Clean up History
Present Report
Client acceptance
Project Activities
Lessons Learnt
Helps to consistently improve
Crucial Step
Improve on the client end also
May need to retest (Increases Scope)
Common Findings
Weak Password Complexity
Shared Local Admin Accounts
No Multi-Factor Authentication
Plain Text Passwords
Who provides findings?
Who should be contacted when something goes wrong?
Who will resolve conflicts?
Who will provide technical assistance?