Thursday, July 7, 2011

Beauty Of The Baud: How To Write A Penetration Testing Report


Penetration testing is the act of evaluating the security of a computer or computer network. Because penetration testing is a legal act, proper documentation is required. Earlier articles discussed several tips and steps for successful penetration testing; this article covers the end phase, report writing: how to prepare the report you submit to the client after the test.

This figure shows the best and most effective way of doing penetration testing; the top four steps were discussed in a previous article.

Writing a report is an art. A penetration testing report is just like a simple business report: you must consider the objectives and goals, how many goals were achieved and how they were achieved, the timing, and all other relevant information that gives the reader of the report an idea of the test.

Penetration testing reports may differ from time to time and with the nature of the test. It is best to include flow charts and graphs to present the vulnerabilities. At the start of the report, add a flow chart, much like an algorithm, that shows your working style, that is, your plan for conducting the test. An executive summary is also required to show the importance and the nature of the report.

It is very difficult to discuss all the relevant points that must be considered while writing a penetration test report. As I said before, the report may differ because it depends on the nature of the test. Several vulnerability scanners, such as Nessus and OpenVAS, include a feature for writing a report, and web scanners such as Wapiti and others also generate a report with various graphs and charts.

The point is that your report must be eye-catching, so use snapshots of your activity. For example, if you scan an IP for open ports, take a snapshot of your nmap screen and put it in your report. If you are doing a pen test on a network, make a network diagram from a hacker's point of view and put it in your report.

There are many sample reports and report templates available on the Internet that will really help you learn the art of writing a penetration testing report. Below are some of the best resources for learning it.




