The detailed findings section provides an in-depth analysis of each vulnerability discovered during the penetration test. It gives technical teams a comprehensive understanding of each issue, including its severity, impact, and technical details necessary for remediation.

Findings are often presented in a table that identifies each vulnerability, its threat level, its risk rating, and whether it was successfully exploited. When tailoring the report to the client’s objectives and risk appetite, consider leading with elements such as critical vulnerabilities, attack vectors that were successfully exploited, and other key results.

You can append or attach a full list of results as a separate file. This section should include steps that can be independently repeated so that findings can be validated. Detailed findings typically include elements such as:

  • Vulnerability Description: A detailed explanation of the vulnerability.

  • Severity Level: The risk level associated with the vulnerability, often classified as low, medium, high, or critical.

  • Impact Analysis: The potential consequences of the vulnerability if exploited.

  • Evidence: Screenshots, logs, and other proof of the vulnerability.

  • Exploitability: Description of how the vulnerability can be exploited.
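
The following added example (not part of the original page) shows one way to keep findings as structured records, flag any that lack evidence or repeatable validation steps, and render the summary table described above. The field names, the single `Severity` column standing in for the threat level and risk rating, and the sample findings are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}

@dataclass
class Finding:
    title: str
    description: str
    severity: str                 # low, medium, high or critical
    impact: str
    exploited: bool
    evidence: list = field(default_factory=list)     # screenshot / log file names
    repro_steps: list = field(default_factory=list)  # steps the client can repeat

def lint(f):
    """Return the problems that make a finding incomplete for the report."""
    problems = []
    if f.severity.lower() not in SEVERITY_ORDER:
        problems.append(f"unknown severity {f.severity!r}")
    for name in ("description", "impact"):
        if not getattr(f, name).strip():
            problems.append(f"missing {name}")
    if not f.evidence:
        problems.append("no evidence attached")
    if not f.repro_steps:
        problems.append("no repeatable validation steps")
    return problems

def summary_table(findings):
    """Render the summary table: most severe first, exploited before unexploited."""
    rank = lambda f: SEVERITY_ORDER.get(f.severity.lower(), len(SEVERITY_ORDER))
    rows = sorted(findings, key=lambda f: (rank(f), not f.exploited, f.title))
    lines = ["Vulnerability | Severity | Exploited"]
    lines += [f"{f.title} | {f.severity.capitalize()} | {'Yes' if f.exploited else 'No'}"
              for f in rows]
    return "\n".join(lines)

# Constructed sample findings, not results from any real engagement.
SAMPLE = [
    Finding("Verbose error pages", "Stack traces returned to users.", "low", "", False),
    Finding("TLS 1.0 enabled", "Legacy protocol accepted by the web server.", "medium",
            "Traffic may be downgraded to a weak protocol.", False,
            ["tls-scan.log"], ["Scan the in-scope host for supported TLS versions"]),
    Finding("No login rate limiting", "Login form accepts unlimited attempts.", "high",
            "Accounts with weak passwords can be guessed.", True,
            ["login-attempts.log"], ["Submit repeated logins for a test account"]),
]

if __name__ == "__main__":
    print(summary_table(SAMPLE))
```

Running `lint` over every record before the report is issued catches findings that a client could not independently validate.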