When conducting post-report-delivery activities:

  • Verify that you have removed any remaining artifacts of the test.
  • During formal hand-off of the report, be prepared to have a discussion about the contents of the report.
  • Get confirmation from the client that they agree that the testing is complete and that they accept the report's findings and conclusions.
  • Find out what the client needs as far as proof of vulnerability or exploitation.
  • Provide proof of your tests as needed.
  • Draft a lessons learned report by asking yourself what did or did not go well during the test.
  • Identify areas of improvement for the pen test team's processes and tools.
  • Identify any follow-up actions that need to be performed.
  • Identify who will be performing these actions.