Effective Penetration Testing Report Writing

Effective Penetration Testing Report Writing

연구 분야: Strategies

학회: 2021 International Conference on Electrical, Computer, Communications and Mechatronics Engineering (ICECCME)

This paper studies the methods used to effectively report the outcome of penetration testing. It involves all the necessary components essential in writing up methodologies for any report on penetration testing. Conducting penetration tests to identify security vulnerabilities is critical, but it has become complex and time-consuming leading to poor reporting. The findings indicated that proper test reporting should contain an executive summary, testing objective, penetration testing, and other components. The last aspect in the report should be the remedial options for the identified vulnerabilities. From the evaluated reports, the penetration testers had adhered to the test report methodology. Most reports contained all the needed sections. The penetration report is addressed to the executive teams, managers, and IT experts in companies. From the evaluated reports, the companies endured low, medium, and high-security vulnerabilities. The general remedial options suggested for the companies through different reports included risk assessment, establishing a monitoring process and providing specific solutions to the identified vulnerabilities.