Writing an Effective Penetration Testing Report: An Executive View - Softcover

Synopsis

Penetration test or pentest is a typical security assessment which is the process to gain access to specific information assets (eq. computer systems, network infrastructure, or application). Penetration test simulates the attack performed internally or externally by the attackers which has the intention to find security weaknesses or vulnerabilities and validate the potential impacts and risks should those vulnerabilities being exploited. Security issues found through penetration test are presented to the system’s owner, data owner or risk owner. Effective penetration test will support this information with accurate assessment of the potential impacts to the organization and range of technical and procedural safeguards should be planned and executed to mitigate risks. Many penetration testers are in fact very good in technical since they have skills needed to perform all of the tests, but they are lack of report writing methodology and approach which create a very big gap in penetration testing cycle. A penetration test is useless without something tangible to give to a client or senior management. Report writing is a crucial part for any service providers (eq. IT service/advisory). A report should detail the outcome of the test and, if you are making recommendations, document the recommendations to secure any high-risk systems. The target audience of a penetration testing report will vary, technical report will be read by IT or any responsible information security people while executive summary will definitely be read by the senior management. Writing an effective penetration testing report is an art that needs to be learned and to make sure that the report will deliver the right information to the targeted audience. After reading the book, you will be able to: understand on how to create a good and effective penetration testing report; understand the mechanism to provide an effective deliverables; apply risk management knowledge & skills and blend them in your deliverables.

"synopsis" may belong to another edition of this title.