- Understand who is going to be reading this and who is the target audience?
- The report needs to clear that a non-technical person would understand
- Report should include the following:
- Executive Summary
- Technical Summary
- Detail Report of findings
- Recommendations for remediation (If possible)
Resources:
- https://blog.zsec.uk/ltr101-pentest-reporting/
- https://github.com/juliocesarfort/public-pentesting-reports
Public Pentesting Reports: