Tailored reporting
Reporting is a key part of the information security testing process, but not all reporting is created equal. Find out how our reporting goes further.
Our approach to reporting
Our reporting process can tailored to your specific needs and can be adapted to your ways of working. Not only will our reporting approach help you understand your current situation and outline the vulnerabilities found, it will provide you with thorough remediation advice and assurances that you, your customers, suppliers, and partners require.
Below are just some of the ways we can tailor our reporting process to better suit your organization and provide you with the robust assurances needed.
In-test notifications
Clients often like to know when a high-risk vulnerability has been found during a test, that way they can start remediation efforts straight away. We can provide tailored in-test updates via email, phone or via communication channels such as Slack, alerting you to any high-level findings.
Initial summary
Full test reports take a few days to compile, so, to satisfy any immediate report requirements we can provide a summary of findings at the end of the testing period. This summary will outline the overall number of vulnerabilities found and a brief description of each.
Full test report
A full test report will be delivered within 10 working days, however, we can work to tighter timeframes where required. Our final report is not just a list of findings, but an analysis of these findings backed by technical evidence that includes a prioritized listing of the vulnerabilities, their implications and recommendations for addressing identified security risks in a planned manner.
Each report undergoes an internal quality assurance process before delivery and reports will be delivered securely via encrypted email or thorough a dedicated platform for sharing reports and associated documentation such as proof of concept videos. Where required, we can work to your individual report delivery requirements.
Want to see what a Pentest report looks like? We can provide a sample report on request.
Post-test support
At Pentest, we see ourselves as more than just a test provider, this means that our job doesn’t finish on the delivery of a report. We understand that clients often require further help in understanding the findings within a report and support with remediation efforts.
We will continue to provide access to the consultants that were involved in the test after the report has been delivered. This is extremely beneficial to our client’s security improvement efforts and allows our consultants to assist with the interpretation of report findings, pass on their wealth of expertize and support internal teams/external suppliers during the remediation process.
ASVS/MASVS Reporting
We can provide reporting to OWASP Application/Mobile Application Security Verification Standards where required. This provides further evidence on the scope of the test, a verification checklist, test results outlined to ASVS/MASVS requirements (both passed and failed) & clear indication to how failed tests are to be resolved.
Ticketing integration
We can integrate our report findings into existing ticketing systems (Threadfix, Jira & JSON files) & can develop additional integrations where required. This means issues can be distributed effectively to stakeholders and work can be quickly progressed, as well as tracked.
Report walkthrough
We can conduct a full walkthrough presentation of our report, helping support your internal teams, external security vendors (SOC/SEIM etc) and/or any key stakeholders, such as senior management. Our walkthroughs will explain the vulnerabilities found, the exploits used, our risk ratings and our remediation advice.
Evidence of testing
Our clients often need to supply evidence of testing to external partners/clients. We understand they may not wish to share a full technical report, in response we can supply additional documentation to provide proof of testing and satisfy security assurance requirements.
We're here to give you confidence in your information security.
Contact our team today and find out how our services can help you obtain the information security assurance you need.
