Next Level Reporting: Our New Test Report Ensures Transparent and Comprehensible Pentest Results

8. April 2022

A meaningful result is an essential part of a thorough security analysis. The majority of pentest result reports focus on the identified vulnerabilities. Here's the problem: The scope of the tested environment is not apparent from this and is not comprehensible for you. That's not sufficient for us.

Stephan Neumann Pentest

"It is important to us not only to perform qualitative analyses, but also to provide you with detailed documentation of the tests performed. With our test reports, we make our analyses transparent and demonstrate our quality standards. In 2021, we have taken our reporting to the next level."

Stephan Neumann
Head of usd HeroLab

We provide transparency for you in our test report

As demand for pentests increases, there are also an increasing number of providers competing, which makes it difficult for companies to evaluate differences in the quality of pentests ideally before a contract is signed. This is because the conducting of the actual pentest remains a black box from the client's point of view:

A final report merely documents which vulnerabilities were identified during the pentest. The report does not contain any information about whether and to what extent a function was tested. Our test report creates more transparency: It is an additional document that summarizes the scope as well as the result of the analysis. Here, we show which attack vectors were tested in connection with which functions and with what result - even if no vulnerability was identified there. This gives you greater transparency and allows you to evaluate the quality of our analysis.

Comprehensible pentest results

The best security analysis does not provide any benefit if the findings are not presented in a comprehensible and well-structured manner and not included concrete recommended measures. This is why we have fundamentally revised our pentest results reports and added a lot of useful information. By categorizing findings, for example, it is possible to identify fundamental issues. For example, many findings in "handling user data" within a web application indicate a lack of awareness of injection attacks among developers. Overall, we have revised the structure and presentation of the findings in our report and added internal references to improve legibility.

Reporting customized to your needs

The results of the technical analysis lead to extensive subsequent measures at your company:

  • The results have to be processed further within the company
  • Task have to be assigned to the right persons
  • Remediation measures must be implemented, tracked and documented

Many companies use their own systems for this, for example based on Jira. For this purpose, we can easily provide a tabular summary of the results in a suitable import format. If requested, we can also use the company's own templates for the documentation of pentest results.


Are you interested in a pentest or do you need support?

Please do not hesitate to contact us.

Also interesting:

PCI DSS v4.0.1: Are You Ready for the Future-dated Requirements? 

PCI DSS v4.0.1: Are You Ready for the Future-dated Requirements? 

With the publication of PCI DSS v4.0.1, at the latest, the requirements introduced with version 4.0 of the credit card data security standard are yesterday's news - or so one would think. After all, many PCI DSS v4.0 assessments have already been carried out in the...

Security Advisory on AXIS Webcam

Security Advisory on AXIS Webcam

The pentest professionals at usd HeroLab examined the AXIS Webcam (P1364) during their pentests. Our professionals discovered a vulnerability (cross-site request forgery) in the admin panel of AXIS P1364 Webcam. Exploiting this vulnerability enables an attacker to...

Categories

Categories