Pen Test Report

At RM Information Security we understand that engaging the audience is of great importance. We pride ourselves on producing a clear and concise pen test report which can be used throughout your business.

The true value of penetration testing is not realised until the test is complete and the triage/remediation begins. This is where our experience and communication skills play a vital role in supporting your business to implement security improvements.

Gaining internal support for penetration testing can be difficult. We have carefully designed our reporting to provide all recipients, from executives to developers, with the data presented in a format they can use.

The following is a breakdown of what you can expect to find in an RM Information Security report:

Report – CVSS ratings – The basis of our reports

Our reports compare vulnerabilities in a meaningful way that makes your life easier when planning the remediation activities post-test. We take into account the overall risk profile based on Common Vulnerability Scoring System ratings (CVSS – http://www.first.org/cvss/) and manual results interpretation to ensure risk is not marked unduly high or low based on the specific risk profile of your business.

Report section – Introduction

This section of the report document includes a general introduction to the project that has been delivered including the background and scope – typically summarising the details submitted in the proposal of work document.

Report section – Executive summary

An executive summary that explains the issues found in a way that non-technical personnel will appreciate. At RM Information Security we understand that engaging this audience is of great importance and we pride ourselves on producing clear and concise details that can be used throughout your business. This section will contain a high-level written summary of the findings and a visual risk chart that will enable levels of risk to be assessed at a glance.

Report section – Technical summary

This section is of great importance to the remediation planning that follows the test. It contains a table of vulnerabilities in order of risk, including:

  • Rating – Critical, High, Medium, Low and Informational
  • Reference number
  • Vulnerability name
  • Short mitigation

Report section – Detailed technical findings

Technical findings include:

  • Rating – Critical, High, Medium, Low and Informational
  • Reference number
  • Vulnerability class
  • OWASP reference (where applicable)

Clear, detailed text describes the findings and systems affected and may include example code snippets or relevant technical examples that allow the issue to be easily replicated.

Technical recommendations to mitigate the finding will include relevant external references such as OWASP good practice guides, whitepapers and other technical references. Where fixes are not available, alternative workarounds will be suggested.

Report section – Appendices

The report is supported by detailed appendices containing data such as whois and port scan output.

We work in line with all industry good practice to deliver consistent results: ISO27001, The Cyber Scheme, OWASP, MITRE ATT&CK.
