{"id":4385,"date":"2021-04-15T08:44:38","date_gmt":"2021-04-15T06:44:38","guid":{"rendered":"https:\/\/wp.pentestfactory.de\/sample-report\/"},"modified":"2021-05-18T13:52:00","modified_gmt":"2021-05-18T13:52:00","slug":"sample-report","status":"publish","type":"page","link":"https:\/\/www.pentestfactory.de\/en\/sample-report\/","title":{"rendered":"Sample Report"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
<\/div>\n\t\t\t\t\t\t
\n\t\t\t\n\t\n<\/svg>\t\t<\/div>\n\t\t\t\t
\n\t\t\t\n\t\n<\/svg>\t\t<\/div>\n\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
Procedure<\/h5>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Sample Report<\/h1>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

A qualitative report is essential for every penetration test. Comprehensive descriptions on the technical and management level give a clear understanding of all vulnerabilities.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Management Summary<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Our final report includes a non-technical summary of the project and all identified findings for the management level. All findings are summarized concisely.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Approach, Scope and Tools<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Furthermore, our final report includes a detailed description of our testing methodology, the analysed test target, scope and used tooling.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Findings and Recommendations<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

In addition, our final report contains a detailed, technical description of all identified findings. You receive a detailed recommendation for the remediation of every vulnerability. This aids technical personnel, such as administrators or developers.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Standardized Risk Rating<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

We adhere to recognized standards like the OWASP risk rating procedure for the scoring of identified vulnerabilities. The risk of a vulnerability is based on its likelihood and impact.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t

\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t
\"Our<\/figure><\/div>
\"Our<\/figure><\/div>
\"Test<\/figure><\/div>
\"Vulnerability<\/figure><\/div>
\"Vulnerability<\/figure><\/div>
\"Vulnerability<\/figure><\/div>
\"Management<\/figure><\/div>
\"Management<\/figure><\/div>
\"Table<\/figure><\/div>\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t<\/i>\t\t\t\t\t<\/div>\n\t\t\t\t\t
\n\t\t\t\t\t\t<\/i>\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t
<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t<\/i>\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\tOPEN CONFIGURATOR<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

OWASP Risk Rating Procedure<\/h2>
<\/div><\/div>\t\t\t\t
\n\t\t\t\t\t

The risk rating is assigned following the OWASP risk rating procedure, which is based on the factors probability and impact. In the following, our risk rating matrix can be seen:<\/p>\n\t\t\t\t<\/div>\n\t\t\t<\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n \n\n
\n
\n
\n \"\" <\/div>\n <\/div>\n
\n \t\t \t

These vulnerabilities can be abused by attackers with low technical knowledge using publicly available exploits.<\/p>\n <\/div>\n \n \n <\/div>\n <\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t
\n \n\n
\n
\n
\n \"\" <\/div>\n <\/div>\n
\n \t\t \t

Vulnerabilities that can be exploited manually by an attacker. No publicly known exploits exist.<\/p>\n <\/div>\n \n \n <\/div>\n <\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t
\n \n\n
\n
\n
\n \"\" <\/div>\n <\/div>\n
\n \t\t \t

Vulnerabilities that allow an attacker to access sensitive functions or information. The privileges an attacker can obtain through exploitation of these vulnerabilities is limited.<\/p>\n <\/div>\n \n \n <\/div>\n <\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t
\n \n\n
\n
\n
\n \"\" <\/div>\n <\/div>\n
\n \t\t \t

Vulnerabilities, which do not pose an immediate risk, but may serve as a platform for further attacks.<\/p>\n <\/div>\n \n \n <\/div>\n <\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t
\n \n\n
\n
\n
\n \"\" <\/div>\n <\/div>\n
\n \t\t \t

Useful information that might indicate potential errors. These findings do not constitute a security risk, but should be evaluated.\u200b<\/p>\n <\/div>\n \n \n <\/div>\n <\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Optionally, we offer a risk rating procedure using CVSS v3. More Information can be found in the CVSS specification<\/a>.\"\"<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

Procedure Sample Report A qualitative report is essential for every penetration test. Comprehensive descriptions on the technical and management level give a clear understanding of all vulnerabilities. Management Summary Our final report includes a non-technical summary of the project and all identified findings for the management level. All findings are summarized concisely. Approach, Scope and […]<\/p>\n","protected":false},"author":6,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"class_list":["post-4385","page","type-page","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.pentestfactory.de\/en\/wp-json\/wp\/v2\/pages\/4385","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.pentestfactory.de\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.pentestfactory.de\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.pentestfactory.de\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.pentestfactory.de\/en\/wp-json\/wp\/v2\/comments?post=4385"}],"version-history":[{"count":0,"href":"https:\/\/www.pentestfactory.de\/en\/wp-json\/wp\/v2\/pages\/4385\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.pentestfactory.de\/en\/wp-json\/wp\/v2\/media?parent=4385"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}