Report Writing
By:
Arjun Thakur
CONTENT
• Documentation and Report Writing
• Significance of a Penetration Testing Report
• Phases in Report Writing
• Report Format
• Example of a Penetration test report
Documentation and Report Writing
• A penetration testing report plays a significant role, as it identifies the loopholes in the system and also outlines recommendations to address these issues.
• “A report is a statement of the result of an investigation or of any matter on which definite information is required.”
• Ethical hacking, being the systematic study of vulnerabilities present in a system, consists of different phases such as footprinting, scanning and enumeration.
• A penetration test report involves reporting facts from each of these stages.
Significance of a Penetration Testing Report
• A penetration testing report can be considered a valuable product of your hard work and serves as a great source for clients to complete the task that has been started: strengthening the security posture of their systems.
• Facts indicated in the penetration report form the basis for corrective measures to be taken up by organisations towards securing their systems. Hence, it is important for a report to reflect the actual scenario in simple words.
• There is a level of dependency between the various departments of an organisation such as Software Development, Database Handling, Information Security and Quality Assessment.
• Sometimes the vulnerabilities in one team may be the cause of a possible attack on the system of another team within the same organisation.
Phases in Report Writing
Report Planning
a) Stating the objective
b) Setting a time frame
c) Analysing the target audience
   1. Why does the company need this report?
   2. What is their position in the organisation?
   3. Does the report’s objective make sense to the company’s scope of work?
   4. What is the individual’s role in implementing an action recommended in the report?
d) Classification of report
e) Report distribution
Collecting Information
• Information is collected at every stage of penetration testing, such as footprinting, scanning and assessing vulnerabilities.
• A significant amount of information also comes from tools run on computers and networks during tests.
• This information may be in the form of text or images such as screenshots.
• At the end of each stage of ethical hacking, the tester may collect information and keep it in a file, to be collated with the remaining data in the final report.
• For penetration testing that is performed not by an individual but by a whole team, it is critical to have a central location where each member can store their information and share it with the others for the final report.
First Draft
• The penetration testing report that you develop is not only proof of your skills as an ethical hacker, but also reflects on your writing and comprehension skills.
• Your ability to articulate and write in a manner that is easily understood by others complements your professionalism.
• It is advised to start writing your first draft as soon as you are done with collecting information.
• The first draft is merely a rough version of your report, and you need not worry about formatting styles or proofreading.
• For your reference, you may insert comments in sections that need reworking.
Review and Final Report
• Once the draft is ready, it can be shared for review with your peers and other team members involved in testing.
• Suggestions and improvements will follow, and when the final report is ready, it is to be sent to the Quality Analysis team of the organisation.
• As the report will be an official announcement from the organisation, it must adhere to certain norms framed by the company, just like any other report.
Report Format
• Style, font, color and other formatting of the report, such as header and footer.
• Table of Contents (TOC).
• Executive Summary:
   Scope of work
   Objective
   Any assumptions made
   Timeframe of the assessment
• Document properties, such as tester, name of reviewer and approver, and version.
• Version control on critical processes, such as the same data on different versions.
• Methodology
• Finding
   1. Vulnerabilities Identified
   2. Impact
   3. Probability of an Attack
   4. Risk Evaluation
• Recommendation
• References
• Appendices
• Glossary
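An added example, not part of the original slides: one way to assemble the Finding section so that every entry carries the four listed items plus a recommendation, with the risk evaluation derived from impact and probability. The field names, the low/medium/high scale, the risk matrix and the sample findings are all assumptions constructed for illustration.

```python
# Assumed qualitative scale and matrix; the slides name the fields but give no scale.
LEVELS = ("low", "medium", "high")
RISK_MATRIX = {  # RISK_MATRIX[impact][probability]
    "low":    {"low": "low",    "medium": "low",    "high": "medium"},
    "medium": {"low": "low",    "medium": "medium", "high": "high"},
    "high":   {"low": "medium", "medium": "high",   "high": "critical"},
}
RISK_ORDER = ("critical", "high", "medium", "low")
REQUIRED = ("title", "vulnerability", "impact", "probability", "recommendation")


def validate(finding):
    """Return the problems that make a finding unfit for the final report."""
    problems = [f"missing {field}" for field in REQUIRED
                if not str(finding.get(field) or "").strip()]
    for field in ("impact", "probability"):
        value = finding.get(field)
        if value and value not in LEVELS:
            problems.append(f"{field} must be one of {', '.join(LEVELS)}")
    return problems


def evaluate_risk(impact, probability):
    """Risk evaluation: combine impact and probability through the matrix."""
    return RISK_MATRIX[impact][probability]


def build_findings_section(findings):
    """Return (section_text, accepted, rejected); accepted is sorted by risk."""
    accepted, rejected = [], []
    for finding in findings:
        problems = validate(finding)
        if problems:
            # Incomplete entries go back to the tester instead of into the report.
            rejected.append((finding.get("title") or "<untitled>", problems))
        else:
            risk = evaluate_risk(finding["impact"], finding["probability"])
            accepted.append({**finding, "risk": risk})
    accepted.sort(key=lambda f: RISK_ORDER.index(f["risk"]))  # highest risk first
    lines = ["Finding"]
    for number, f in enumerate(accepted, start=1):
        lines += [
            f"{number}. {f['title']}",
            f"   Vulnerability identified: {f['vulnerability']}",
            f"   Impact: {f['impact']}",
            f"   Probability of an attack: {f['probability']}",
            f"   Risk evaluation: {f['risk']}",
            f"   Recommendation: {f['recommendation']}",
        ]
    return "\n".join(lines), accepted, rejected


# Constructed sample findings, as a team might collect them in a shared file.
SAMPLE_FINDINGS = [
    {"title": "Directory listing enabled on file server",
     "vulnerability": "Web server returns folder contents when no index page exists.",
     "impact": "low", "probability": "high",
     "recommendation": "Disable directory listing in the web server configuration."},
    {"title": "Default administrator password on intranet portal",
     "vulnerability": "Vendor default credentials were never changed.",
     "impact": "high", "probability": "high",
     "recommendation": "Change the password and enforce the password policy."},
    {"title": "Outdated TLS configuration on mail gateway",
     "vulnerability": "Deprecated protocol versions are still accepted.",
     "impact": "medium", "probability": "medium",
     "recommendation": ""},  # recommendation not written yet
    {"title": "Verbose error pages",
     "vulnerability": "Stack traces are shown to unauthenticated users.",
     "impact": "moderate", "probability": "low",  # value outside the agreed scale
     "recommendation": "Return generic error pages and log details server-side."},
]

if __name__ == "__main__":
    text, _, rejected = build_findings_section(SAMPLE_FINDINGS)
    print(text)
    for title, problems in rejected:
        print(f"NEEDS REWORK: {title}: {'; '.join(problems)}")
```
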
Example of a Penetration test report
• There are some general rules and a framework for preparing a penetration test report that every tester normally follows.
• In practical scenarios, however, a slight deviation from these foundation principles is allowed as long as the report conveys correct information to the client.
• The deviations occur due to the testing environments and conditions that the tester faces at a site.
• It takes time and effort to master the art of report writing, and it is an achievable goal for all.
• Here are some of the samples of Penetration test reports that you can view online to get more comfortable with the idea, before you start writing one on your own.