Structure of a pentest report
A pentest report is a document that summarizes the results of a penetration test. On this page you will find a sample report that we update regularly and that is based on a real report from 2018. This will give you a good impression of our work and methodology.
The basic structure of our reports is as follows:
- Cover sheet
- Table of contents
- Management summary
- Introduction
- Scope
- Methodology
- General recommendations
- Overview of all relevant vulnerabilities
- Conclusion and recommendations
Management Summary
If desired, we can prepare a summary for the management. This summary is usually very brief (1-2 pages maximum) and contains only the most important points. There is a general summary of the findings with a focus on the really critical vulnerabilities and our recommendations or “action plan”.
Confirmation letter
For suppliers and SaaS in particular, we also offer the option of creating a confirmation letter. This letter confirms that a penetration test has been carried out and provides a brief overview of the results. This letter can then be passed on to customers or partners to confirm the security of their own systems.
Methodology
Our methodology is based on industry standards such as the OWASP Web Security Testing Guide and the recommendations of the German Federal Office for Information Security (BSI). We are also familiar with standards such as OSSTMM and PTES.
In general, for us, a penetration test is ALWAYS a manual pentest of a system. Automated tools and methods help us to increase efficiency and ensure that we do not miss any obvious problems. We rely on a combination of manual and automated tests to achieve the best possible results.
The methodology is adapted depending on the customer's wishes and requirements. For example, we may pursue a red teaming approach in order to examine the security of a company holistically.
CVSS 3.1 as a scoring system
CVSS stands for Common Vulnerability Scoring System and is an industry standard for assessing the severity of vulnerabilities. CVSS 3.1 is the latest version and was published in 2019. We will certainly switch to CVSS 4.0 in the near future and adapt this page and our sample report accordingly.

General recommendations
In addition to classic security-relevant findings, which are listed, described and evaluated separately, we also provide general recommendations. These recommendations are not only related to the tested application, but are also generally valid. For example, we can indicate that a certain technology is no longer secure and should be urgently updated. Or we can give advice on how developers can program more securely in the future.
Conclusion
The conclusion is the final part of the report. Here we summarize the most important points once again and make a clear recommendation. This recommendation can be, for example, that a vulnerability should be urgently rectified or that a certain technology should no longer be used. We always try to be as specific as possible and give the customer a clear recommendation for action.