
Phase 4 - Documentation: Collecting Results

Documentation is an essential part of every penetration test. During the pentest, all steps leading to a successful attack are thoroughly documented. This ensures that after the test, everything can be reconstructed in detail. At the end of the pentest, this documentation is used as the basis for an individual report, which makes the results of the test understandable for the technical administration as well as for management. The page count of such a report normally runs into three digits. The whole report is written by the pentesters who performed the test, to ensure that the documentation optimally covers the pentest results and contains all the important details concerning individual findings.

Long Story Short

Detailed pentest report

The report consists of several parts. At the beginning, there is a short executive summary, which condenses all important results of the pentest into a concise overview of a few pages. This summary is deliberately kept non-technical, so that everyone can get an overview of the risk potential at hand and develop an objective basis for further decisions, even without intricate technical knowledge.

Details and Technical Aspects

Overall, we were very impressed with the high level of professionalism and competence of RedTeam Pentesting. They demonstrated deep knowledge with respect to many different systems ranging from Windows to Unix-based systems, to low-level administration tools that are hardly known, to development problems in languages such as PHP which may lead to new exploits. The knowledge that we acquired during the penetration test with them helped us to improve our system administration and increase the security of our systems.
CSO, Telecommunications

The second part is a comprehensive technical report with a detailed description of the vulnerabilities that were discovered. This makes the pentest transparent and comprehensible for readers with a technical background. For every security flaw, extensive documentation is provided that precisely describes the technical background of the vulnerability and how it may be exploited. Additionally, a risk analysis shows the potential risks of the flaw in the overall context of the tested systems. Finally, constructive solution proposals are given for each problem, directly providing ideas for improvement based on best-practice approaches.