At RM Information Security we understand that engaging the audience is of great importance. We pride ourselves on producing a clear and concise pen test report which can be used throughout your business.
The true value of penetration testing is not realised until the test is complete and the triage /remediation begins. This is where our experience and communication skills play a vital role in supporting your business to implement security improvements.
Gaining internal support for penetration testing can be difficult, we have careful designed our reporting to provide all recipients with the data presented in a format they can use, from executives to developers.
The following is a breakdown of what you can expect to find in an RM Information Security report:
Report – CVSS ratings – The basis of our reports
Our reports compare vulnerabilities in a meaningful way that makes your life easier when planning the remediation activities post-test. We take into account the overall risk profile based on Common Vulnerability Scoring Systems ratings (CVSS – http://www.first.org/cvss/) and manual results interpretation to ensure risk is not marked unduly high or low based on the specific risk profile of your business.
Report section – Introduction
This section of the report document includes a general introduction to the project that has been delivered including the background and scope – typically summarising the details submitted in the proposal of work document.
Report section – Executive summary
An executive summary that explains the issues found in a way that non-technical personnel will appreciate. At RM Information Security we understand that engaging this audience is of great importance and we pride ourselves on producing clear and concise details that can be used throughout your business. This section will contain a high level written summary of the findings and a visual risk chart that will enable levels of risk to be assessed at a glance.
Report section – Technical summary
This section is of great importance to the remediation planning that follows the test. A table containing vulnerabilities in order of risk including:
- Rating – Critical, High, Medium, Low and Informational
- Reference number
- Vulnerability name
- Short mitigation
Report section – Detailed technical findings
Technical findings include:
- Rating – Critical, High, Medium, Low and Informational
- Reference number
- Vulerability class
- OWASP reference (where applicable)
Clear detailed text describes the findings and systems affected and may include – example code snippets or relevant technical examples that allow the issue to be easily replicated.
Technical recommendation, to mitigate the finding will include relevant external references such as OWASP good practice guides, whitepapers and other technical references. Where fixes are not available alternative workarounds will be suggested.
Report section – Appendices
The report is supported by detailed appendices containing data such as whois and port scan output
We work in line with all industry good practice to deliver consistent results; ISO27001, The Cyber Scheme, OWASP, MITRE ATT&CK
Penetration Testing Services
Get in Touch – We’re All Ears!
At RM Information Security we love to chat. Reach out to us however you feel most comfortable. We can’t wait to hear from you.
📞 Give Us a Ring:
Eager to chat? So are we! Call us directly at +44 0161 825 7 939
📧 Drop Us a Line:
More of an email person? We get it. Shoot us an email at info@rminfosec.co.uk, and we’ll get back to you pronto!
📍 Visit Our Headquarters:
Feel like having a face-to-face? You’re always welcome at our cozy office nestled in the heart of Manchester’s tech scene. Here’s where you can find us:
Manchester Technology Centre
Oxford Road
Manchester
M1 7ED
We’re looking forward to connecting with you!