Penetration Testing
Sample Report (Redacted)
This is a preview of how we structure reports for both leadership and technical teams.
1) Executive Summary
- Engagement objective and high-level scope
- Overall risk posture (what matters most to the business)
- Top findings and themes
- Recommended next steps (program-level)
2) Scope & Methodology
- In-scope targets and environments
- Rules of engagement (constraints, windows, escalation)
- Testing approach and validation notes
- AI augmentation disclosure (if used) and human verification statement
3) Findings Summary (Example)
Redacted example table:
| ID | Title | Severity | Status |
|---|---|---|---|
| PT-001 | Broken object-level authorization (BOLA) | High | Open |
| PT-002 | Misconfigured identity policy enabling risky access path | High | Open |
| PT-003 | Sensitive data exposure via verbose error handling | Medium | Open |
4) Finding Detail (Example)
PT-001 – Broken Object-Level Authorization (BOLA)
- Description: Access control allowed a low-privileged user to retrieve another user's object.
- Impact: Unauthorized data access; potential compliance implications depending on data type.
- Evidence: Redacted request/response samples and screenshots.
- Reproduction steps: Clear, numbered steps suitable for engineering teams.
- Remediation guidance: Authorization checks at the object level; deny-by-default patterns.
- Validation: Retest confirms fix after deployment (included).
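The remediation pattern named above (authorization checked at the object level, deny by default) as an added illustration for PT-001; this is example code written for this page, not the report's or the tested application's own code, and the document store, user names and ids are constructed sample data:

```python
"""Object-level authorization check, added as an illustration for finding PT-001.
Example code written for this page; the record store, user ids and document ids
below are constructed sample data, not material from the assessed application."""
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when the caller is not allowed to perform the action on the object."""


@dataclass
class Document:
    doc_id: str
    owner: str
    body: str
    shared_with: frozenset = field(default_factory=frozenset)


# Constructed sample data: two users, each owning one document.
DOCS = {
    "doc-100": Document("doc-100", owner="alice", body="alice's quarterly numbers"),
    "doc-200": Document("doc-200", owner="bob", body="bob's draft",
                        shared_with=frozenset({"carol"})),
}


def get_document_vulnerable(caller: str, doc_id: str) -> Document:
    """Pattern behind PT-001: the object is fetched by id alone, so any
    authenticated caller who supplies another user's id receives the record."""
    return DOCS[doc_id]


def is_authorized(caller: str, doc: Document, action: str) -> bool:
    """Deny-by-default decision: only explicitly listed cases return True."""
    if action == "read":
        return caller == doc.owner or caller in doc.shared_with
    if action == "write":
        return caller == doc.owner
    return False  # unknown actions are denied instead of falling through


def get_document(caller: str, doc_id: str, action: str = "read") -> Document:
    """Hardened lookup: the check is evaluated against the specific object."""
    doc = DOCS.get(doc_id)
    # Same error for "missing" and "not yours" avoids revealing which ids exist.
    if doc is None or not is_authorized(caller, doc, action):
        raise Forbidden(f"{caller} may not {action} {doc_id}")
    return doc


def access_allowed(caller: str, doc_id: str, action: str = "read") -> bool:
    """True/False wrapper, the kind of check a retest script would assert on."""
    try:
        get_document(caller, doc_id, action)
        return True
    except Forbidden:
        return False
```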
5) Retest Validation Summary
- Status changes for retested findings
- Notes on residual risk (if any)
- Evidence of remediation effectiveness
Retest included – within the agreed retest window after remediation deployment.