A qualitative report is essential for every penetration test. Comprehensive descriptions on the technical and management level give a clear understanding of all vulnerabilities.
Our final report includes a non-technical summary of the project and all identified findings for the management level. All findings are summarized concisely.
Approach, Scope and Tools
Furthermore, our final report includes a detailed description of our testing methodology, the analysed test target, scope and used tooling.
Findings and Recommendations
In addition, our final report contains a detailed, technical description of all identified findings. You receive a detailed recommendation for the remediation of every vulnerability. This aids technical personnel, such as administrators or developers.
Standardized Risk Rating
We adhere to recognized standards like the OWASP risk rating procedure for the scoring of identified vulnerabilities. The risk of a vulnerability is based on its likelihood and impact.
OWASP Risk Rating Procedure
The risk rating is assigned following the OWASP risk rating procedure, which is based on the factors probability and impact. In the following, our risk rating matrix can be seen: