Sharing detailed reports with external individuals is not recommended. Once the report is shared with an external party, control over its distribution is difficult to guarantee. A network penetration tester should provide a summary version of the report that details scope, approach, qualifications and categorical results. This summary report is more appropriate for an organization to share.
CVSS for Penetration Test Results (Part I) | Trustwave | SpiderLabs | Trustwave
A penetration test , colloquially known as a pen test , pentest or ethical hacking , is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system. The process typically identifies the target systems and a particular goal, then reviews available information and undertakes various means to attain that goal. A penetration test target may be a white box which provides background and system information or black box which provides only basic or no information except the company name. A gray box penetration test is a combination of the two where limited knowledge of the target is shared with the auditor. Security issues that the penetration test uncovers should be reported to the system owner.
What Happens Once a Penetration Test Uncovers Vulnerabilities?
You forgot to provide an Email Address. This email address is already registered. Please login. You have exceeded the maximum character limit. Please provide a Corporate E-mail Address.