Report Writing

Legal Documents

  • Before you test: Rules of Engagement (ROE)
    • Scope
    • What is allowed and what isn't
    • Do NOT start pentesting before ROE is signed
  • After you test: Findings Report

Sample Findings Report

TCM Security Sample Pentest Report (GitHub: hmaverickadams/TCM-Security-Sample-Pentest-Report), a sample pentest report provided by TCM Security

Findings Report Structure

  • Confidentiality Statement
  • Disclaimer
  • Contact Information
  • Assessment Overview
  • Assessment Components
  • Finding Severity Ratings
  • Scope
  • Executive Summary
  • Security Strengths
  • Security Weaknesses
  • Vulnerabilities by Impact
  • Penetration Test Findings