The report presents result of the mobile security review process and for best flow of the process it is recommended to fill it continuously when proceeding through reviewing steps. Beside description of all findings that had been gathered, the report should also contain a final summary with recommendations and examples of risks. A complete report should contain:
- Basic project information
- Project assumptions
- Excerpt from static analysis tool report
- Overall review of code quality
- List of project assets
- Risk analysis and assessment based on assets list
- Overall estimated risk of the project
- Netguru security level classification
- List of requirements for assigned security level
- Static and dynamic verification of the security requirements
- List of bugs, security breaches or possible data leaks
- Improvements recommendations
- Overall summary of the project analysis