{"id":4385,"date":"2021-04-15T08:44:38","date_gmt":"2021-04-15T06:44:38","guid":{"rendered":"https:\/\/wp.pentestfactory.de\/sample-report\/"},"modified":"2026-05-12T13:39:47","modified_gmt":"2026-05-12T11:39:47","slug":"sample-report","status":"publish","type":"page","link":"https:\/\/www.pentestfactory.de\/en\/sample-report\/","title":{"rendered":"Sample Report"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
<\/div>\n\t\t\t\t\t\t
\n\t\t\t\n\t\n<\/svg>\t\t<\/div>\n\t\t\t\t
\n\t\t\t\n\t\n<\/svg>\t\t<\/div>\n\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
Approach<\/h5>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Sample Report<\/h1>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

A qualitative report is essential for every penetration test. Comprehensive descriptions on the technical and management level give a clear understanding of all vulnerabilities.
<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Management Summary<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Our final report includes a non-technical summary of the project and all identified findings for the management level. All findings are summarized concisely.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Approach, Scope and Tools<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

In addition, our final report includes a comprehensive description of the testing methods used, the system analyzed, and the scope of the test, as well as the tools and scripts employed during the penetration test. <\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Findings and Recommendations<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

In addition, our final report contains a detailed, technical description of all identified findings. You receive a detailed recommendation for the remediation of every vulnerability. This aids technical personnel, such as administrators or developers.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Standardized Risk Rating<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

We adhere to recognized standards like the OWASP risk rating procedure for the scoring of identified vulnerabilities. The risk of a vulnerability is based on its likelihood and impact.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t

\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t
\"Table<\/figure><\/a><\/div>
\"Management<\/figure><\/a><\/div>
\"Management<\/figure><\/a><\/div>
\"Our<\/figure><\/a><\/div>
\"Test<\/figure><\/a><\/div>
\"Vulnerability<\/figure><\/a><\/div>
\"Vulnerability<\/figure><\/a><\/div>
\"Vulnerability<\/figure><\/a><\/div>
\"Our<\/figure><\/a><\/div>\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t<\/i>\t\t\t\t\t<\/div>\n\t\t\t\t\t
\n\t\t\t\t\t\t<\/i>\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t
<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t<\/i>\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\tOPEN CONFIGURATOR<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

OWASP Risk Rating Procedure<\/h2>
<\/div><\/div>\t\t\t\t
\n\t\t\t\t\t

The risk rating is assigned following the OWASP risk rating procedure, which is based on the factors probability and impact. In the following, our risk rating matrix can be seen:<\/p>\n\t\t\t\t<\/div>\n\t\t\t<\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n \n\n
\n
\n
\n \"\" <\/div>\n <\/div>\n
\n \t\t \t

These vulnerabilities can be abused by attackers with low technical knowledge using publicly available exploits.<\/p>\n <\/div>\n \n \n <\/div>\n <\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t
\n \n\n
\n
\n
\n \"\" <\/div>\n <\/div>\n
\n \t\t \t

Vulnerabilities that can be exploited manually by an attacker. No publicly known exploits exist.<\/p>\n <\/div>\n \n \n <\/div>\n <\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t
\n \n\n
\n
\n
\n \"\" <\/div>\n <\/div>\n
\n \t\t \t

Vulnerabilities that allow an attacker to access sensitive functions or information. The privileges an attacker can obtain through exploitation of these vulnerabilities is limited.<\/p>\n <\/div>\n \n \n <\/div>\n <\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t
\n \n\n
\n
\n
\n \"\" <\/div>\n <\/div>\n
\n \t\t \t

Vulnerabilities, which do not pose an immediate risk, but may serve as a platform for further attacks.<\/p>\n <\/div>\n \n \n <\/div>\n <\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t
\n \n\n
\n
\n
\n \"\" <\/div>\n <\/div>\n
\n \t\t \t

Useful information that might indicate potential errors. These findings do not constitute a security risk, but should be evaluated.\u200b<\/p>\n <\/div>\n \n \n <\/div>\n <\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Alternatively, we offer a risk assessment method based on CVSS. More Information can be found in the CVSS specification<\/a>.\"\"<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Frequent questions regarding penetration tests (FAQ)<\/h2>
<\/div><\/div><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/i><\/span>\n\t\t\t\t\t\t\t\t<\/i><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\tWhen can we expect the final report?<\/a>\n\t\t\t\t\t<\/h5>\n\n\t\t\t\t\t

Our reports are generally delivered within 1-2 weeks after the penetration test has ended. Should you require an earlier transmission of test results, please address this topic in our common kick off meeting. For time-critical projects we gladly share our results earlier, if possible.<\/p>\n

More information, as well as a sample report can be found here<\/a>.<\/p>\n<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t

\n\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/i><\/span>\n\t\t\t\t\t\t\t\t<\/i><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\tHow is the final reported transmitted?<\/a>\n\t\t\t\t\t<\/h5>\n\n\t\t\t\t\t

All sensitive documents or credentials are provided via our encrypted file exchange platform. The end-to-end encryption takes place on the transport layer (TLS), as well as the file layer (AES-256). We host our own platform independently on German servers. The document retrieval is accountable and automatically deactivated after 30 days with a subsequent full data erasure.<\/p>\n

Via this exchange platform you will receive an e-mail with a secure link for the retrieval of our final report (PDF). Furthermore, you will receive optional log data or proof-of-concept exploits in a ZIP folder.<\/p>\n<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t

\n\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/i><\/span>\n\t\t\t\t\t\t\t\t<\/i><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\tWhat report languages are available?<\/a>\n\t\t\t\t\t<\/h5>\n\n\t\t\t\t\t

We provide both German and English versions of all our tests and final documents that you receive from us. Our employees are fluent in the language. <\/p>\n

The language of the report can be selected in the configurator. Furthermore, this topic will be discussed again at the joint kick-off meeting. <\/p>\n<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t

\n\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/i><\/span>\n\t\t\t\t\t\t\t\t<\/i><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\tDo you offer any other risk assessment methods?<\/a>\n\t\t\t\t\t<\/h5>\n\n\t\t\t\t\t

If you need a customized method for assessing the criticality of identified vulnerabilities, please feel free to discuss this with us. Provided your risk assessment method follows a standard and is transparent, we will generally accommodate your request. <\/p>\n<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

Approach Sample Report A qualitative report is essential for every penetration test. Comprehensive descriptions on the technical and management level give a clear understanding of all vulnerabilities. Management Summary Our final report includes a non-technical summary of the project and all identified findings for the management level. All findings are summarized concisely. Approach, Scope and […]<\/p>\n","protected":false},"author":6,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"class_list":["post-4385","page","type-page","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.pentestfactory.de\/en\/wp-json\/wp\/v2\/pages\/4385","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.pentestfactory.de\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.pentestfactory.de\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.pentestfactory.de\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.pentestfactory.de\/en\/wp-json\/wp\/v2\/comments?post=4385"}],"version-history":[{"count":2,"href":"https:\/\/www.pentestfactory.de\/en\/wp-json\/wp\/v2\/pages\/4385\/revisions"}],"predecessor-version":[{"id":45686,"href":"https:\/\/www.pentestfactory.de\/en\/wp-json\/wp\/v2\/pages\/4385\/revisions\/45686"}],"wp:attachment":[{"href":"https:\/\/www.pentestfactory.de\/en\/wp-json\/wp\/v2\/media?parent=4385"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}