How the fuck do yโall write these 20 page pen-test reports?
I talk a lot irl but trying to fill this shit out to fit more pages is not working out for me. ๐
@TechEmiiily
If your company have a minimum length for reports, that's ridiculous. Report the issues, recommendations, add the executive summary, graphs, appendices if you need them, and be done with it. Who do they think the extraneous content is going to help?
@CyberSnark
How do I spin off of a bunch of fluff for a physical test that isnโt too repetitive from a cyber test?
They already submitted the cyber test so now Iโm reading it over like โsheesh I feel like Iโm repeating myselfโ
@TechEmiiily
Every pentest report I have ever seen is at least a page per item that was in scope for the test. Screenshots, narrative, recommendation is the formula given.
@TechEmiiily
You know what most pentest companies miss in their reports which is super valuable(well, to an org like ours, maybe not everyone), what you tested and *didnโt* find anything wrong with.
โGreat, you popped a DC, did you fail to pop the other 9 or didnโt have time to try them?โ