Pentest Tailored Reporting
Reporting is a key part of the cybersecurity testing process, but not all reporting is created equal. Find out how our reporting goes further.
The Pentest approach to reporting
Our reporting process can be tailored to your specific needs and can be adapted to your ways of working. Not only will our reporting approach help you understand your current situation and outline the vulnerabilities found, it will provide you with our remediation advice and the assurances that you, your customers, suppliers, and partners require.
Below are just some of the ways we can tailor our reporting process to better suit you:
In-Test Notifications
Clients often want to know when a high-risk vulnerability has been found during a test, that way they can start remediation efforts straight away. We can provide tailored in-test updates via email, phone or via communication channels such as Slack, alerting you to any high-level findings as we find them.
Initial Summary
Our full test reports take a few days to compile, so, to satisfy any immediate report requirements we can provide a summary of findings at the end of the testing period. This summary will outline the overall number of vulnerabilities found and a brief description of each.
Pentest Report
Our final report is not just a list of findings, but an analysis of these findings backed by technical evidence. This includes a prioritised listing of the vulnerabilities, their implications and our recommendations for addressing the identified risks in a planned manner.
Each report undergoes an internal quality assurance process before delivery and reports will be delivered securely via encrypted email or thorough a dedicated platform for sharing reports. Where required, we can work to your individual report delivery requirements.
Want to see what a Pentest report looks like? We can provide a sample report on request.
Post-Test Support
We see ourselves as more than just a test provider, this means that our job doesn’t finish on the delivery of a report and we understand that clients often require further help in understanding findings and support with remediation efforts.
That's why we will continue to provide access to our consultants after the report has been delivered. This allows our consultants to assist with the interpretation of report findings, pass on their wealth of expertise and support internal teams/external suppliers during the remediation process.
ASVS/MASVS Reporting
We can provide reporting to OWASP Application/Mobile Application Security Verification Standards where required. This provides further evidence on the scope of the test, a verification checklist, test results outlined to ASVS/MASVS requirements (both passed and failed) & clear indication to how failed tests are to be resolved.
Ticketing System Integration
We can integrate our report findings into your existing ticketing systems (Threadfix, Jira & JSON files) & can develop additional integrations where required. This means issues can be distributed effectively to stakeholders and work can be quickly progressed, as well as tracked.
Report Walkthrough
We can conduct a full walkthrough presentation of our report, helping support your internal teams, external security vendors (SOC/SEIM etc) and/or any key stakeholders, such as senior management. Our walkthroughs will explain the vulnerabilities found, the exploits used, our risk ratings and our remediation advice.
Evidence of Testing
Our clients often need to supply evidence of testing to external partners/clients and we understand they may not wish to share a full technical report. In response, we can supply additional documentation to provide proof of testing and satisfy any security assurance requirements.
Want to know more about Pentest's tailored reporting?
Our team our on hand to provide you with all the information you require.