What Does a Penetration Test Report Look Like?

We often get asked what our penetration test reports look like, so we thought we would add a quick video going over a sample report to help address these questions. In the video below we go over our standard deliverable set, which includes our executive summary and technical findings report.

Executive Summary

The intended audience for the executive summary piece of a penetration test report is upper management. This report provides a high-level overview of the type of assessments that were performed, the scope of testing, reviews the risk to the organization, walks through the impact of the most important findings, and provides a quick run down of the thematic strengths and weaknesses.

Technical Findings Report

In contrast, the technical finding report is designed for the technical teams that are tasked with tracking and actually fixing the vulnerabilities identified. This report includes a line-by-line listing of every vulnerability discovered, what system it was discovered on, a brief description of the finding and why it is important, step by step remediation actions, and reference links to aid in remediation.

Take a look as we go over these two reports:

Please let us know if you have any feedback or questions, as we’re always looking to iterate and improve our reporting process.