How the fuck do yโall write these 20 page pen-test reports?
I talk a lot irl but trying to fill this shit out to fit more pages is not working out for me. ๐
51
10
214
Replies
@TechEmiiily
Pictures & recommendations, you welcome ;)
Also an attack narrative section is usually pretty chunky.
1
1
17
@TechEmiiily
20 pages of text? Or 20 pages including tables, graphics, screenshots, tool output, and vulnerability information?
1
1
15
@AccidentalCISO
20 pages in general between all of what you stated is the average of samples I see
0
1
1
@TechEmiiily
If your company have a minimum length for reports, that's ridiculous. Report the issues, recommendations, add the executive summary, graphs, appendices if you need them, and be done with it. Who do they think the extraneous content is going to help?
1
0
10
@0xTib3rius
My company doesnโt have a minimum limit Iโm just seeing averages from samples and theyโre all 20-50 pages minimum ๐ญ
2
1
2
@CyberSnark
How do I spin off of a bunch of fluff for a physical test that isnโt too repetitive from a cyber test?
They already submitted the cyber test so now Iโm reading it over like โsheesh I feel like Iโm repeating myselfโ
3
0
4
@TechEmiiily
Every pentest report I have ever seen is at least a page per item that was in scope for the test. Screenshots, narrative, recommendation is the formula given.
0
0
8
@TechEmiiily
My reports are between 40 and 60 pages. Thereโs also a very short PowerPoint presentation that summarizes the findings.
1
0
1
@TechEmiiily
You know what most pentest companies miss in their reports which is super valuable(well, to an org like ours, maybe not everyone), what you tested and *didnโt* find anything wrong with.
โGreat, you popped a DC, did you fail to pop the other 9 or didnโt have time to try them?โ
2
0
7
@cricket_hippo
This was a physical test so I donโt even have the luxury of putting fluff like that in there. ๐ญ
0
0
1