Phase 4 - Documentation: Collecting Results
Documentation is an essential part of every penetration test. During the
pentest, all steps leading to a successful attack are thoroughly documented.
This ensures that after the test, everything can be reconstructed in detail. At
the end of the pentest, this documentation is used as the basis for an
individual report, which makes the results of the test understandable for the
technical administration, as well as the management. The page count of such a
report normally ranges in the three digit numbers. The whole report is written
by the pentesters who performed the test, to ensure that the documentation
optimally covers the pentest results and contains all the important details
concerning individual findings.
Long Story Short

The report consists of several parts. At the beginning, there is a short executive summary, which summarises on a few pages all important results of the pentest in a concise overview. This report is consciously held nontechnical, to enable everyone to get an overview of the risk potential at hand and to develop an objective basis for further decisions, even without intricate technical knowledge.
Details and Technical Aspects
We have repeatedly had a very positive experience with RedTeam's services. The gained insights contribute significantly to the advancement of our project. RedTeam prove themselves through their outstanding service orientation which cannot be taken for granted on the German market. We also enjoyed the pleasant, relaxed and collegial interaction. We can therefore nothing but recommend RedTeam.
The second part is a comprehensive technical report with a detailed description of the vulnerabilities that were discovered. This makes the pentest transparent and comprehensible for technically educated people. For every security flaw, extensive documentation is provided that precisely describes the technical background of the security vulnerability and how it may be exploited. Additionally, a risk analysis shows the potential risks of the flaw in the overall context of the tested systems. Finally, constructive solution proposals are given for the respective problem, to directly provide ideas for improvement based on best-practice approaches.