Abstract
Pick a cliché that makes sense here. Where the rubber meets the road, for instance. Reporting is where it really all happens. You can spend days or weeks doing the actual testing, but if you don’t report it, what was the point? When you are trying to get the attention of someone who may actually be able to fix the issues that you found, you need to deliver a professional presentation and be able to explain the issues in a very clear manner. It’s important to convey your findings in an objective fashion so someone who doesn’t understand information security will be able to comprehend what you are saying. They also need to be clear about what you believe should be done as a result of what you found. Indicating how to fix the problem is where you can really add value. If you just toss a report on someone’s desk explaining where they have a lot of problems and then leave, you aren’t being very helpful to them, though they will have a report that they can use against an audit. In the end, though, just being able to say that they did a penetration test to get an audit checkmark isn’t going to be helpful. In six months or a year when they run the test again for their audit requirements, the findings will still be there, and a decent auditor will make note of that.
Copyright information
© 2016 Ric Messier
About this chapter
Cite this chapter
Messier, R. (2016). Reporting. In: Penetration Testing Basics. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-1857-0_7
DOI: https://doi.org/10.1007/978-1-4842-1857-0_7
Published:
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-1856-3
Online ISBN: 978-1-4842-1857-0
eBook Packages: Professional and Applied Computing, Professional and Applied Computing (R0), Apress Access Books