- Severity is subjective based on impact but also likelihood
- Like web app critical bug where you can do XSS and gain admin
- BUT it’s only accessible from specific IPs (IP whitelisting)
- It won’t be a critical. Maybe moderate to high because low likelihood
- It’s normal to go back and forth with the client to agree on the actual severity of something like this
- Scope (already did this before)
- Scope Exclusions
- Scoping and Time Limitation
- Testing Summary
- What we did, overview, without the tools.
- Findings “insufficient authentication controls (Finding EPT-num)”
- What that gave us access to. Information, applications,
- Additional stuff like the passwords sheet
- Moderate, low, or informational don’t get included in this
- Unless their pentest was clean, then you can fill this with these findings
- Key Strengths and Weaknesses
- External Penetration Test Findings (Report Card)
- Finding, Severity, Recommendation
- Technical Findings
- From most critical to least critical
- Description, Risk, Tools Used, References, Evidence screenshot with figure caption, Remediation
- Under risk: Likelihood + Impact
- Additional Scans and Reports
- Nessus scan (DC_External.nessus)
- Summary PDF
- Detailed PDF
- Detailed HTML
Search