When writing and handling reports:
- Normalize data to reduce redundancy and increase integrity.
- Consider including the following sections in your report:
  - Executive summary
  - Methodology
  - Findings and remediation
  - Metrics and measures
  - Risk rating
  - Conclusion
  - Supporting evidence
- Work with the client to determine their risk appetite.
- Write your report to speak to the client's risk appetite.
- Determine the file format for the report, such as Microsoft Word, OpenOffice, or HTML documents.
- Determine where the report will be securely stored.
- Follow best practices for securely handling the report.
- Determine how formal hand-off of the report will happen between your pen testing team and the client.