Next Level Reporting: Our New Test Report Ensures Transparent and Comprehensible Pentest Results

8. April 2022

A meaningful result is an essential part of a thorough security analysis. The majority of pentest result reports focus on the identified vulnerabilities. Here's the problem: The scope of the tested environment is not apparent from this and is not comprehensible for you. That's not sufficient for us.

Stephan Neumann Pentest

"It is important to us not only to perform qualitative analyses, but also to provide you with detailed documentation of the tests performed. With our test reports, we make our analyses transparent and demonstrate our quality standards. In 2021, we have taken our reporting to the next level."

Stephan Neumann
Head of usd HeroLab

We provide transparency for you in our test report

As demand for pentests increases, there are also an increasing number of providers competing, which makes it difficult for companies to evaluate differences in the quality of pentests ideally before a contract is signed. This is because the conducting of the actual pentest remains a black box from the client's point of view:

A final report merely documents which vulnerabilities were identified during the pentest. The report does not contain any information about whether and to what extent a function was tested. Our test report creates more transparency: It is an additional document that summarizes the scope as well as the result of the analysis. Here, we show which attack vectors were tested in connection with which functions and with what result - even if no vulnerability was identified there. This gives you greater transparency and allows you to evaluate the quality of our analysis.

Comprehensible pentest results

The best security analysis does not provide any benefit if the findings are not presented in a comprehensible and well-structured manner and not included concrete recommended measures. This is why we have fundamentally revised our pentest results reports and added a lot of useful information. By categorizing findings, for example, it is possible to identify fundamental issues. For example, many findings in "handling user data" within a web application indicate a lack of awareness of injection attacks among developers. Overall, we have revised the structure and presentation of the findings in our report and added internal references to improve legibility.

Reporting customized to your needs

The results of the technical analysis lead to extensive subsequent measures at your company:

  • The results have to be processed further within the company
  • Task have to be assigned to the right persons
  • Remediation measures must be implemented, tracked and documented

Many companies use their own systems for this, for example based on Jira. For this purpose, we can easily provide a tabular summary of the results in a suitable import format. If requested, we can also use the company's own templates for the documentation of pentest results.


Are you interested in a pentest or do you need support?

Please do not hesitate to contact us.

Also interesting:

AI Vulnerability Storm: When a Lack of Speed Becomes a Risk

AI Vulnerability Storm: When a Lack of Speed Becomes a Risk

Current developments in AI systems show that vulnerabilities are found more quickly, suitable exploits are developed more quickly, and attacks are increasingly implemented automatically. This significantly reduces the time between discovery and exploitation. What used...

Bafin Publishes 9th Amendment to MaRisk

Bafin Publishes 9th Amendment to MaRisk

On 30 June 2026, all credit institutions and financial services institutions in Germany received an important circular: Following the consultation phase, the German Federal Financial Supervisory Authority (Bafin) published the 9th amendment to its Minimum Requirements...

usd AG Listed as EPI Partner for Mobile Security Evaluations

usd AG Listed as EPI Partner for Mobile Security Evaluations

The popularity of mobile payments is growing, and with it, the demand for verified security. usd AG is expanding its activities in the EPI environment and will also conduct Mobile Security Evaluations in the future. This places us among the few EPI-listed Security...

Categories

Categories