At the end of a penetration test, a report is provided to the client that outlines all the vulnerabilities found with full details. The penetration test report also contains evidence of the vulnerabilities compromised per system to indicate the proof of concept. This can be helpful for the client’s security team to implement mitigation techniques and prevention controls on their infrastructure. Some penetration-testing reports contain mitigation techniques while others don’t. This is determined by the mutual agreement between the client and the penetration tester of the services to be rendered.
Most importantly, the report is a full summary of the event and actions of the tests conducted and the outcome of each. As penetration testers, our write-ups tend to be a bit too technical at times, however our final report should be written at an executive...