Penetration Testing: Re: web app pentest report

Re: web app pentest report

From: Jason <securitux_at_gmail.com>
Date: Wed, 6 Aug 2008 23:44:15 -0700

I don't have a template; however, the report must have the standards. At
the basic level, exec summary, breakdown of areas assessed as per
OWASP with the number of issues found in each as kind of a summary,
and then a detailed list. Here's the key, and one which will make a
difference... for each issue outline 1) the issue, 2) an example with
explanation, and 3) HOW TO FIX THE ISSUE!! You would not believe what
comes out of some companies which give no explanation on how to remedy
an issue, just what the issue is and some link to a reference. When I
tell my clients how to fix the issue, they love the report because
apparently they don't ever get that from other larger firms. I ask
them what they are paying for then?

Look also at the report standard for OSSTMM. That's a good guide as to
how a report should look. Alter it around for an app assessment.

-J

On Wed, Aug 6, 2008 at 4:37 PM, ChElAnO <chelano_at_gmail.com> wrote:
> Hi guys.
> This is one of my first posts but I've been reading the list for a
> long time now. I have learned a lot just from reading the questions
> and answers posted in this list; it's great.
> I am a computer science student and I've been very into computer security
> for a time now. Thanks to the little knowledge I have, I got a
> contract for a web app pentest for a firm in which one of my teachers
> works.
> I already know and tested the bugs and vulnerabilities; the problem is
> that it's the first time I do this and I'm not sure how to write the
> report. I read the OWASP testing guide and got the template, but still
> I'm not sure.
>
> If anyone could point me to some links or a template for the report I
> would appreciate it very much.
>
> Thanks in advance,
> regards.
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Top 5 Common Mistakes in
> Securing Web Applications
> Get 45 Min Video and PPT Slides
>
> www.cenzic.com/landing/securityfocus/hackinar
> ------------------------------------------------------------------------

Received on Aug 07 2008
