Effective Report Writing
Cyber Security
whoami?
Ashwini Varadkar
Sr. Security Analyst
5.6 years of Experience in Cyber Security
Avid Reader
Kathak Professional
Special Love Towards Reporting :p
What is a Report?
“Report” is derived from the Latin word “reportare”, which means carry back. Re is back and portare means to carry.
A report represents information in a structured format, is short and concise, purposeful, and has an audience.
Cyber Security and Reports - The Inseparables
• SOC
• Assessment
• DFIR
• GRC
The Reality Check!
How did we realize that there is a gap that needs to be addressed?
• Leader/Reviewer/Project Manager
• Other way:
• Client report rejection
• Social media posts
• Not talked about a lot
Need for Effective Writing
Reputation Consulting
Common Mistakes
COMMUNICATING
SOMEONE ELSE’S OUTPUT
VAGUE SENTENCES
IMAGE RELATED ISSUES
Common Concerns
• Unable to lead people through the content in a structured way. They should get the information that they want quickly and easily.
• Confusion often arises about the writing style, what to include, the language to use, the length of the document and other factors.
What is Effective? :/
Rules
Concept
Formal Writings
• What comes under the umbrella of formal writing?
• Academic research papers
• Business presentations
• Emails and memorandums
• Business reports for conveying information
• Other types of official correspondence
Contractions
• Avoid using contracted words.
E.g.:
o Should + not = Shouldn’t
o Will + not = Won’t
o Are + not = Aren’t
o Is + not = Isn’t
Stay Active
• Active voice – Sentences that are direct and concise.
E.g.:
o Passive voice – An instance of XSS was observed by the analyst.
o Active voice – The analyst observed an XSS instance.
o Passive voice – Instructions will be given to you by the assessor.
o Active voice – The assessor will give you instructions.
Capitalization in Titles
• Rule of thumb:
o Capitalize the important words in the title
o E.g. – Weak Password Policy in Use
o E.g. – Cross-Site Request Forgery (CSRF)
• So which words are usually written in lowercase when creating headlines and titles?
o Articles (a, an, the)
o Coordinating conjunctions (and, but, for)
o Short (fewer than 5 letters) prepositions (at, by, from)
Consistency is the KEY
• Lower Case Titles
o E.g. – Weak password policy in use
o E.g. – Cross-site request forgery (CSRF)
• The same rule applies to image captions (these are nothing but short titles).
Capitalization in Sentences
• Avoid random capitalization of letters in sentences.
o E.g.: URLs should not contain any Sensitive Information, for example, a session Token, as the information is often logged at various locations.
o Simply: URLs should not contain any sensitive information, for example, a session token, as the information is often logged at various locations.
• Capitalize proper nouns (names, countries, cities), as in the sentence below.
o E.g.: xyzOrg discovered multiple instances of weak physical security in SampleOrganization’s Chicago data centre.
Software Name
• It is JavaScript (abbreviated as JS) and not Javascript
• jQuery and not Jquery or JQuery
• Clickjacking and not ClickJacking
Simply check the tool/service/software name on its official website!
This also applies to attack names.
• EternalBlue
• POODLE
Consistency is the KEY
Highlights and Emphasis
• Make relevant highlights.
• Use single or double quotes to stress a word. Ensure consistency.
• Subtitles can be emphasized by using bold (for example, those under the PoC section or under Remediation).
• Observe the template. If XYZ uses single quotes for highlights, continue that in your write-up too.
Consistency is the KEY
Images
• General points:
• All images must be aligned in one specific way.
• Relevant masking must be done.
• Relevant highlights must be made.
• Images should be clear.
Consistency is the KEY
Conclusion
• Note the points discussed here
• Write
• Write down the points
• Frame sentences around them
• Ask for help
• Share the responsibilities
• Courses / Apps
• Books/Ebooks
• Checklist
Consistency is the KEY
Thank You :)

More Related Content

What's hot

Agile development
Agile developmentAgile development
Agile development
JoshuaU1
 
What is Kernel, basic idea of kernel
What is Kernel, basic idea of kernelWhat is Kernel, basic idea of kernel
What is Kernel, basic idea of kernel
Neel Parikh
 
An introduction to Game Theory
An introduction to Game TheoryAn introduction to Game Theory
An introduction to Game Theory
Paul Trafford
 
Lecture 1 - Game Theory
Lecture 1 - Game TheoryLecture 1 - Game Theory
Lecture 1 - Game Theory
Luke Dicken
 
Types of software testing
Types of software testingTypes of software testing
Types of software testing
Prachi Sasankar
 
Software Engineering Overview
Software Engineering Overview Software Engineering Overview
Engineers as experts and advisors
Engineers as experts and advisorsEngineers as experts and advisors
Engineers as experts and advisors
SKS
 
Chapter 13 software testing strategies
Chapter 13 software testing strategiesChapter 13 software testing strategies
Chapter 13 software testing strategies
SHREEHARI WADAWADAGI
 
Anavex Corporate Presentation
Anavex Corporate PresentationAnavex Corporate Presentation
Anavex Corporate Presentation
Kergrohen
 
multiplexer and d-multiplexer
multiplexer and d-multiplexermultiplexer and d-multiplexer
multiplexer and d-multiplexer
malikwaqar75033149
 
Software myths | Software Engineering Notes
Software myths | Software Engineering NotesSoftware myths | Software Engineering Notes
Software myths | Software Engineering Notes
Navjyotsinh Jadeja
 
Software Engineer- A unity 3d Game
Software Engineer- A unity 3d GameSoftware Engineer- A unity 3d Game
Software Engineer- A unity 3d Game
Isfand yar Khan
 
software engineering
software engineeringsoftware engineering
software engineering
Azad public school
 
Agile Development | Agile Process Models
Agile Development | Agile Process ModelsAgile Development | Agile Process Models
Agile Development | Agile Process Models
Ahsan Rahim
 
Engineering as experimentation
Engineering as experimentationEngineering as experimentation
Engineering as experimentation
SKS
 
Tic toc game presentation
Tic toc game presentationTic toc game presentation
Tic toc game presentation
REZAUL KARIM REFATH
 
Artificial neural network
Artificial neural networkArtificial neural network
Artificial neural network
nainabhatt2
 
Engineers are responsible experimenters
Engineers are responsible experimentersEngineers are responsible experimenters
Engineers are responsible experimenters
SKS
 

What's hot (20)

Agile development
Agile developmentAgile development
Agile development
 
What is Kernel, basic idea of kernel
What is Kernel, basic idea of kernelWhat is Kernel, basic idea of kernel
What is Kernel, basic idea of kernel
 
An introduction to Game Theory
An introduction to Game TheoryAn introduction to Game Theory
An introduction to Game Theory
 
Lecture 1 - Game Theory
Lecture 1 - Game TheoryLecture 1 - Game Theory
Lecture 1 - Game Theory
 
Types of software testing
Types of software testingTypes of software testing
Types of software testing
 
Software Engineering Overview
Software Engineering Overview Software Engineering Overview
Software Engineering Overview
 
Engineers as experts and advisors
Engineers as experts and advisorsEngineers as experts and advisors
Engineers as experts and advisors
 
Chapter 13 software testing strategies
Chapter 13 software testing strategiesChapter 13 software testing strategies
Chapter 13 software testing strategies
 
Linear programming
Linear programmingLinear programming
Linear programming
 
Anavex Corporate Presentation
Anavex Corporate PresentationAnavex Corporate Presentation
Anavex Corporate Presentation
 
multiplexer and d-multiplexer
multiplexer and d-multiplexermultiplexer and d-multiplexer
multiplexer and d-multiplexer
 
Software myths | Software Engineering Notes
Software myths | Software Engineering NotesSoftware myths | Software Engineering Notes
Software myths | Software Engineering Notes
 
Software Engineer- A unity 3d Game
Software Engineer- A unity 3d GameSoftware Engineer- A unity 3d Game
Software Engineer- A unity 3d Game
 
software engineering
software engineeringsoftware engineering
software engineering
 
Agile Development | Agile Process Models
Agile Development | Agile Process ModelsAgile Development | Agile Process Models
Agile Development | Agile Process Models
 
Engineering as experimentation
Engineering as experimentationEngineering as experimentation
Engineering as experimentation
 
Unit1
Unit1Unit1
Unit1
 
Tic toc game presentation
Tic toc game presentationTic toc game presentation
Tic toc game presentation
 
Artificial neural network
Artificial neural networkArtificial neural network
Artificial neural network
 
Engineers are responsible experimenters
Engineers are responsible experimentersEngineers are responsible experimenters
Engineers are responsible experimenters
 

Similar to Effective Cyber Security Report Writing

Hidden sides of Code Review (MMM-2023)
Hidden sides of Code Review (MMM-2023)Hidden sides of Code Review (MMM-2023)
Hidden sides of Code Review (MMM-2023)
Dmitrii Ivanov
 
Mind the Semantic Gap
Mind the Semantic GapMind the Semantic Gap
Mind the Semantic Gap
Panos Alexopoulos
 
Opinion Mining
Opinion MiningOpinion Mining
Opinion Mining
Shital Kat
 
Iulia Pasov, Sixt. Trends in sentiment analysis. The entire history from rule...
Iulia Pasov, Sixt. Trends in sentiment analysis. The entire history from rule...Iulia Pasov, Sixt. Trends in sentiment analysis. The entire history from rule...
Iulia Pasov, Sixt. Trends in sentiment analysis. The entire history from rule...
IT Arena
 
Software Design
Software DesignSoftware Design
Software Design
Ahmed Misbah
 
Hidden sides of Code Review (Do-iOS)
Hidden sides of Code Review (Do-iOS)Hidden sides of Code Review (Do-iOS)
Hidden sides of Code Review (Do-iOS)
Dmitrii Ivanov
 
Keep It Simple - presentation at ASTC October 2018
Keep It Simple - presentation at ASTC October 2018Keep It Simple - presentation at ASTC October 2018
Keep It Simple - presentation at ASTC October 2018
Kirsty Taylor, CLPM
 
Technical+Writing+Introduction+PowerPoint.ppt+2223_1_(1).ppt
Technical+Writing+Introduction+PowerPoint.ppt+2223_1_(1).pptTechnical+Writing+Introduction+PowerPoint.ppt+2223_1_(1).ppt
Technical+Writing+Introduction+PowerPoint.ppt+2223_1_(1).ppt
Geetanjali Mishra
 
How to build a winning Data Science resume
How to build a winning Data Science resumeHow to build a winning Data Science resume
How to build a winning Data Science resume
Brian Spiering
 
Role of compliance in security audits
Role of compliance in security auditsRole of compliance in security audits
Role of compliance in security audits
n|u - The Open Security Community
 
SOFLUX Meetup - Landing on your dream job
SOFLUX Meetup - Landing on your dream jobSOFLUX Meetup - Landing on your dream job
SOFLUX Meetup - Landing on your dream job
Marta Guerra
 
principles of effective writing
principles of effective writingprinciples of effective writing
principles of effective writing
Dr Pooja Raj Srivastava
 
Tutorial on Opinion Mining and Sentiment Analysis
Tutorial on Opinion Mining and Sentiment AnalysisTutorial on Opinion Mining and Sentiment Analysis
Tutorial on Opinion Mining and Sentiment Analysis
Yun Hao
 
Braun, Clarke & Hayfield Thematic Analysis Part 3
Braun, Clarke & Hayfield Thematic Analysis Part 3Braun, Clarke & Hayfield Thematic Analysis Part 3
Braun, Clarke & Hayfield Thematic Analysis Part 3
Victoria Clarke
 
AI-SDV 2022: Embedding-based Search Vs. Relevancy Search: comparing the new w...
AI-SDV 2022: Embedding-based Search Vs. Relevancy Search: comparing the new w...AI-SDV 2022: Embedding-based Search Vs. Relevancy Search: comparing the new w...
AI-SDV 2022: Embedding-based Search Vs. Relevancy Search: comparing the new w...
Dr. Haxel Consult
 
How to Implement Domain Driven Design in Real Life SDLC
How to Implement Domain Driven Design  in Real Life SDLCHow to Implement Domain Driven Design  in Real Life SDLC
How to Implement Domain Driven Design in Real Life SDLC
Abdul Karim
 
Copywriting 101 - Delucchi Plus
Copywriting 101 - Delucchi PlusCopywriting 101 - Delucchi Plus
Copywriting 101 - Delucchi Plus
delucchiplus
 
2007 Writing Presentation given as guest lecturer, George Mason University
2007 Writing Presentation given as guest lecturer, George Mason University2007 Writing Presentation given as guest lecturer, George Mason University
2007 Writing Presentation given as guest lecturer, George Mason UniversityStephen Bates
 
Prototyping Accessibility - WordCamp Europe 2018
Prototyping Accessibility - WordCamp Europe 2018Prototyping Accessibility - WordCamp Europe 2018
Prototyping Accessibility - WordCamp Europe 2018
Adrian Roselli
 
Code Quality Makes Your Job Easier
Code Quality Makes Your Job EasierCode Quality Makes Your Job Easier
Code Quality Makes Your Job Easier
Tonya Mork
 

Similar to Effective Cyber Security Report Writing (20)

Hidden sides of Code Review (MMM-2023)
Hidden sides of Code Review (MMM-2023)Hidden sides of Code Review (MMM-2023)
Hidden sides of Code Review (MMM-2023)
 
Mind the Semantic Gap
Mind the Semantic GapMind the Semantic Gap
Mind the Semantic Gap
 
Opinion Mining
Opinion MiningOpinion Mining
Opinion Mining
 
Iulia Pasov, Sixt. Trends in sentiment analysis. The entire history from rule...
Iulia Pasov, Sixt. Trends in sentiment analysis. The entire history from rule...Iulia Pasov, Sixt. Trends in sentiment analysis. The entire history from rule...
Iulia Pasov, Sixt. Trends in sentiment analysis. The entire history from rule...
 
Software Design
Software DesignSoftware Design
Software Design
 
Hidden sides of Code Review (Do-iOS)
Hidden sides of Code Review (Do-iOS)Hidden sides of Code Review (Do-iOS)
Hidden sides of Code Review (Do-iOS)
 
Keep It Simple - presentation at ASTC October 2018
Keep It Simple - presentation at ASTC October 2018Keep It Simple - presentation at ASTC October 2018
Keep It Simple - presentation at ASTC October 2018
 
Technical+Writing+Introduction+PowerPoint.ppt+2223_1_(1).ppt
Technical+Writing+Introduction+PowerPoint.ppt+2223_1_(1).pptTechnical+Writing+Introduction+PowerPoint.ppt+2223_1_(1).ppt
Technical+Writing+Introduction+PowerPoint.ppt+2223_1_(1).ppt
 
How to build a winning Data Science resume
How to build a winning Data Science resumeHow to build a winning Data Science resume
How to build a winning Data Science resume
 
Role of compliance in security audits
Role of compliance in security auditsRole of compliance in security audits
Role of compliance in security audits
 
SOFLUX Meetup - Landing on your dream job
SOFLUX Meetup - Landing on your dream jobSOFLUX Meetup - Landing on your dream job
SOFLUX Meetup - Landing on your dream job
 
principles of effective writing
principles of effective writingprinciples of effective writing
principles of effective writing
 
Tutorial on Opinion Mining and Sentiment Analysis
Tutorial on Opinion Mining and Sentiment AnalysisTutorial on Opinion Mining and Sentiment Analysis
Tutorial on Opinion Mining and Sentiment Analysis
 
Braun, Clarke & Hayfield Thematic Analysis Part 3
Braun, Clarke & Hayfield Thematic Analysis Part 3Braun, Clarke & Hayfield Thematic Analysis Part 3
Braun, Clarke & Hayfield Thematic Analysis Part 3
 
AI-SDV 2022: Embedding-based Search Vs. Relevancy Search: comparing the new w...
AI-SDV 2022: Embedding-based Search Vs. Relevancy Search: comparing the new w...AI-SDV 2022: Embedding-based Search Vs. Relevancy Search: comparing the new w...
AI-SDV 2022: Embedding-based Search Vs. Relevancy Search: comparing the new w...
 
How to Implement Domain Driven Design in Real Life SDLC
How to Implement Domain Driven Design  in Real Life SDLCHow to Implement Domain Driven Design  in Real Life SDLC
How to Implement Domain Driven Design in Real Life SDLC
 
Copywriting 101 - Delucchi Plus
Copywriting 101 - Delucchi PlusCopywriting 101 - Delucchi Plus
Copywriting 101 - Delucchi Plus
 
2007 Writing Presentation given as guest lecturer, George Mason University
2007 Writing Presentation given as guest lecturer, George Mason University2007 Writing Presentation given as guest lecturer, George Mason University
2007 Writing Presentation given as guest lecturer, George Mason University
 
Prototyping Accessibility - WordCamp Europe 2018
Prototyping Accessibility - WordCamp Europe 2018Prototyping Accessibility - WordCamp Europe 2018
Prototyping Accessibility - WordCamp Europe 2018
 
Code Quality Makes Your Job Easier
Code Quality Makes Your Job EasierCode Quality Makes Your Job Easier
Code Quality Makes Your Job Easier
 

More from OWASP Delhi

Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resourcesGetting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
OWASP Delhi
 
Securing dns records from subdomain takeover
Securing dns records from subdomain takeoverSecuring dns records from subdomain takeover
Securing dns records from subdomain takeover
OWASP Delhi
 
Data sniffing over Air Gap
Data sniffing over Air GapData sniffing over Air Gap
Data sniffing over Air Gap
OWASP Delhi
 
UDP Hunter
UDP HunterUDP Hunter
UDP Hunter
OWASP Delhi
 
Demystifying Container Escapes
Demystifying Container EscapesDemystifying Container Escapes
Demystifying Container Escapes
OWASP Delhi
 
Automating WAF using Terraform
Automating WAF using TerraformAutomating WAF using Terraform
Automating WAF using Terraform
OWASP Delhi
 
Actionable Threat Intelligence
Actionable Threat IntelligenceActionable Threat Intelligence
Actionable Threat Intelligence
OWASP Delhi
 
Threat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghThreat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep Singh
OWASP Delhi
 
Owasp top 10 vulnerabilities
Owasp top 10 vulnerabilitiesOwasp top 10 vulnerabilities
Owasp top 10 vulnerabilities
OWASP Delhi
 
Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap
OWASP Delhi
 
Securing AWS environments by Ankit Giri
Securing AWS environments by Ankit GiriSecuring AWS environments by Ankit Giri
Securing AWS environments by Ankit Giri
OWASP Delhi
 
DMARC Overview
DMARC OverviewDMARC Overview
DMARC Overview
OWASP Delhi
 
Cloud assessments by :- Aakash Goel
Cloud assessments  by :- Aakash GoelCloud assessments  by :- Aakash Goel
Cloud assessments by :- Aakash Goel
OWASP Delhi
 
Pentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarPentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang Bhatnagar
OWASP Delhi
 
Wireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit RanjanWireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit Ranjan
OWASP Delhi
 
IETF's Role and Mandate in Internet Governance by Mohit Batra
IETF's Role and Mandate in Internet Governance by Mohit BatraIETF's Role and Mandate in Internet Governance by Mohit Batra
IETF's Role and Mandate in Internet Governance by Mohit Batra
OWASP Delhi
 
Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj Mishra
Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj MishraMalicious Hypervisor - Virtualization in Shellcodes by Adhokshaj Mishra
Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj Mishra
OWASP Delhi
 
ICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep Singh
OWASP Delhi
 
Thwarting The Surveillance in Online Communication by Adhokshaj Mishra
Thwarting The Surveillance in Online Communication by Adhokshaj MishraThwarting The Surveillance in Online Communication by Adhokshaj Mishra
Thwarting The Surveillance in Online Communication by Adhokshaj Mishra
OWASP Delhi
 
Hostile Subdomain Takeover by Ankit Prateek
Hostile Subdomain Takeover by Ankit PrateekHostile Subdomain Takeover by Ankit Prateek
Hostile Subdomain Takeover by Ankit Prateek
OWASP Delhi
 

More from OWASP Delhi (20)

Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resourcesGetting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
 
Securing dns records from subdomain takeover
Securing dns records from subdomain takeoverSecuring dns records from subdomain takeover
Securing dns records from subdomain takeover
 
Data sniffing over Air Gap
Data sniffing over Air GapData sniffing over Air Gap
Data sniffing over Air Gap
 
UDP Hunter
UDP HunterUDP Hunter
UDP Hunter
 
Demystifying Container Escapes
Demystifying Container EscapesDemystifying Container Escapes
Demystifying Container Escapes
 
Automating WAF using Terraform
Automating WAF using TerraformAutomating WAF using Terraform
Automating WAF using Terraform
 
Actionable Threat Intelligence
Actionable Threat IntelligenceActionable Threat Intelligence
Actionable Threat Intelligence
 
Threat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghThreat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep Singh
 
Owasp top 10 vulnerabilities
Owasp top 10 vulnerabilitiesOwasp top 10 vulnerabilities
Owasp top 10 vulnerabilities
 
Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap
 
Securing AWS environments by Ankit Giri
Securing AWS environments by Ankit GiriSecuring AWS environments by Ankit Giri
Securing AWS environments by Ankit Giri
 
DMARC Overview
DMARC OverviewDMARC Overview
DMARC Overview
 
Cloud assessments by :- Aakash Goel
Cloud assessments  by :- Aakash GoelCloud assessments  by :- Aakash Goel
Cloud assessments by :- Aakash Goel
 
Pentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarPentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang Bhatnagar
 
Wireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit RanjanWireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit Ranjan
 
IETF's Role and Mandate in Internet Governance by Mohit Batra
IETF's Role and Mandate in Internet Governance by Mohit BatraIETF's Role and Mandate in Internet Governance by Mohit Batra
IETF's Role and Mandate in Internet Governance by Mohit Batra
 
Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj Mishra
Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj MishraMalicious Hypervisor - Virtualization in Shellcodes by Adhokshaj Mishra
Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj Mishra
 
ICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep Singh
 
Thwarting The Surveillance in Online Communication by Adhokshaj Mishra
Thwarting The Surveillance in Online Communication by Adhokshaj MishraThwarting The Surveillance in Online Communication by Adhokshaj Mishra
Thwarting The Surveillance in Online Communication by Adhokshaj Mishra
 
Hostile Subdomain Takeover by Ankit Prateek
Hostile Subdomain Takeover by Ankit PrateekHostile Subdomain Takeover by Ankit Prateek
Hostile Subdomain Takeover by Ankit Prateek
 

Recently uploaded

BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
Nguyen Thanh Tu Collection
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
TechSoup
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
David Douglas School District
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
Mohd Adib Abd Muin, Senior Lecturer at Universiti Utara Malaysia
 
The Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collectionThe Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collection
Israel Genealogy Research Association
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
Sandy Millin
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
Celine George
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
Levi Shapiro
 
JEE1_This_section_contains_FOUR_ questions
JEE1_This_section_contains_FOUR_ questionsJEE1_This_section_contains_FOUR_ questions
JEE1_This_section_contains_FOUR_ questions
ShivajiThube2
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
EugeneSaldivar
 
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBCSTRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
kimdan468
 
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdfMASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
goswamiyash170123
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
EverAndrsGuerraGuerr
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
Pavel ( NSTU)
 
1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx
JosvitaDsouza2
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
Ashokrao Mane college of Pharmacy Peth-Vadgaon
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
Special education needs
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
MysoreMuleSoftMeetup
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
DeeptiGupta154
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
heathfieldcps1
 

Recently uploaded (20)

BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
 
The Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collectionThe Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collection
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
 

Effective Cyber Security Report Writing

  • 13. Capitalization in Titles
    • Thumb Rule:
      o Capitalize the important words in the title
      o E.g. – Weak Password Policy in Use
      o E.g. – Cross-Site Request Forgery (CSRF)
    • So which words are usually written in lowercase when creating headlines and titles?
      o Articles (a, an, the)
      o Coordinating Conjunctions (and, but, for)
      o Short (less than 5 letters) Prepositions (at, by, from)
    Consistency is the KEY
  • 14. Lower Case Titles
      o E.g. – Weak password policy in use
      o E.g. – Cross-site request forgery (CSRF)
    • The same rule applies to image captions (these are nothing but short titles).
  • 15. Capitalization in Sentences
    • Avoid random capitalization of letters in sentences.
      o E.g.: URLs should not contain any Sensitive Information, for example, a session Token, as the information is often logged at various locations.
      o Simply: URLs should not contain any sensitive information, for example, a session token, as the information is often logged at various locations.
    • Capitalize proper nouns (names, countries, cities), as in the sentence below.
      o E.g.: xyzOrg discovered multiple instances of weak physical security in SampleOrganization’s Chicago data centre.
  • 16. Software Name
    • It is JavaScript (abbreviated as JS) and not Javascript
    • jQuery and not Jquery or JQuery
    • Clickjacking and not ClickJacking
    Simply check the tool/service/software name on their official websites!
    This also applies to attack names.
    • EternalBlue
    • POODLE
    Consistency is the KEY
  • 17. Highlights and Emphasis
    • Make relevant highlights.
    • Use single or double quotes to stress a word. Ensure consistency.
    • Subtitles can be emphasized by using bold (under the PoC section, under Remediation).
    • Observe the template. If XYZ uses single quotes for highlights, continue that in your write-up too.
    Consistency is the KEY
  • 18. Images
    • General points:
    • All images must be aligned in one specific way.
    • Relevant masking must be done.
    • Relevant highlights must be made.
    • Image should be clear.
    Consistency is the KEY
  • 19. Conclusion
    • Note the points discussed here
    • Write
    • Write down the points
    • Frame sentence around it
    • Ask for help
    • Share the responsibilities
    • Courses / Apps
    • Books/Ebooks
    • Checklist
    Consistency is the KEY