by Liuser
3361 days ago
I used to pentest for a living. Still do some red team exercises every now and then, but far less now that I'm mainly blueteam focused. I personally organized my report into three sections, which seemed to work well. Clients seemed to enjoy the formatting:

1. Executive - Summarize everything in one page at a high level. You could skim it fast if you chose to. Highlight potential negative business impact of each finding.
2. Management - A little more detailed. 2-3 pages max. Most severe findings at the top and recommended action for remediation.
3. Narrative - This is the bulk 80-90% of the report detailing your step by step process including screenshots so that if someone wanted to duplicate your findings they could.

This was for using Citrix boxes to provide SaaS to a client.