Reporting, tailored
to you

Reporting is a key part of the test process, but not all reporting is created equal. Our reporting process is tailored to your specific needs, helping you not only understand your current situation and outline the vulnerabilities found, but provide you with thorough remediation advice so you can be confident that your organisation is secure.

So, what does our tailored reporting look like?

In-test notifications

Clients often like to know when a high-risk vulnerability has been found during a test, that way they can start remediation efforts straight away. We can provide tailored in-test updates via email, phone or via communication channels such as Slack, alerting you to any high-level findings.

Initial summary

Full test reports take a few days to compile, so, to satisfy any immediate report requirements we can provide a summary of findings at the end of the testing period. This summary will outline the overall number of vulnerabilities found and a brief description of each.

Full test report

A full test report will be delivered within 10 working days, however, we can work to tighter timeframes where required. Our final report is not just a list of findings, but an analysis of these findings backed by technical evidence that includes a prioritised listing of the vulnerabilities, their implications and recommendations for addressing identified security risks in a planned manner.

Each report undergoes an internal quality assurance process before delivery and reports will be delivered securely via encrypted email or thorough a dedicated platform for sharing reports and associated documentation such as proof of concept videos. Where required, we can work to your individual report delivery requirements.

Want to see what a Pentest report looks like? We can provide a sample report on request.

Post test support

At Pentest, we see ourselves as more than just a test provider, this means that our job doesn’t finish on the delivery of a report. We understand that clients often require further help in understanding the findings within a report and support with remediation efforts.

We will continue to provide access to the consultants that were involved in the test after the report has been delivered. This is extremely beneficial to our client’s security improvement efforts and allows our consultants to assist with the interpretation of report findings, pass on their wealth of expertise and support internal teams/external suppliers during the remediation process.

ASVS/MASVS Reporting

We can provide reporting to OWASP Application/Mobile Application Security Verification Standards where required. This provides further evidence on the scope of the test, a verification checklist, test results outlined to ASVS/MASVS requirements (both passed and failed) & clear indication to how failed tests are to be resolved.

Ticketing integration

We can integrate our report findings into existing ticketing systems (Threadfix, Jira & JSON files) & can develop additional integrations where required. This means issues can be distributed effectively to stakeholders and work can be quickly progressed, as well as tracked.

Report walkthrough

We can conduct a full walkthrough presentation of our report, helping support your internal teams, external security vendors (SOC/SEIM etc) and/or any key stakeholders, such as senior management. Our walkthroughs will explain the vulnerabilities found, the exploits used, our risk ratings and our remediation advice.

Evidence of testing

Our clients often need to supply evidence of testing to external partners/clients. We understand they may not wish to share a full technical report, in response we can supply additional documentation to provide proof of testing and satisfy security assurance requirements.

Why choose us

Our services have been designed to thoroughly challenge your information security measures, to support your improvement efforts and ultimately, provide you with the robust security assurances needed. Assurances that your organisation, customers, suppliers and partners are as protected as possible.

Information security experts since 2001

We work to understand your requirements

Independent, trusted advisors

Tailored reporting

Unrivalled post-test support

We're here to give you confidence in your information security.

Contact our team today and find out how our services can help you obtain the information security assurance you need.