Clear reporting

Reporting

At RM Information Security we understand that engaging the audience is of great importance. We pride ourselves on producing clear and concise reports which can be used throughout your business.

The true value of penetration testing is not realised until the test is complete and the triage/remediation begins. This is where our experience and communication skills play a vital role in supporting your business to implement security improvements.

Gaining internal support for penetration testing can be difficult. We have carefully designed our reporting to give all recipients, from executives to developers, the data in a format they can use.

The following is a breakdown of what you can expect to find in an RM Information Security report:


Report - CVSS ratings - The basis of our reports 

Our reports compare vulnerabilities in a meaningful way that makes your life easier when planning remediation activities post-test. We take into account the overall risk profile based on Common Vulnerability Scoring System (CVSS - http://www.first.org/cvss/) ratings and manual interpretation of results, to ensure risk is not marked unduly high or low given the specific risk profile of your business.

Report section – Introduction

This section of the report document includes a general introduction to the project that has been delivered including the background and scope – typically summarising the details submitted in the proposal of work document.

Report section - Executive summary

The executive summary explains the issues found in a way that non-technical personnel will appreciate. At RM Information Security we understand that engaging this audience is of great importance and we pride ourselves on producing clear and concise details that can be used throughout your business. This section will contain a high-level written summary of the findings and a visual risk chart that will enable levels of risk to be assessed at a glance.

Report section - Technical summary

This section is of great importance to the remediation planning that follows the test. It contains a table of vulnerabilities in order of risk, including:

  • Rating - Critical, High, Medium, Low and Informational
  • Reference number
  • Vulnerability name
  • Short mitigation

Report section – Detailed technical findings

Technical findings include:

  • Rating - Critical, High, Medium, Low and Informational
  • Reference number
  • Vulnerability class
  • OWASP reference (where applicable)

Clear, detailed text describes the findings and systems affected, and may include example code snippets or relevant technical examples that allow the issue to be easily replicated.

The technical recommendation to mitigate the finding will include relevant external references such as OWASP good practice guides, whitepapers and other technical references. Where fixes are not available, alternative workarounds will be suggested.

Report section – Appendices

The report is supported by detailed appendices containing data such as whois and port scan output.



ADDRESS
Peter House
Oxford Street
Manchester
M1 5AN

© RM Information Security Limited 2017.
All rights reserved.

CONTACT
Email: info@rminfosec.co.uk
Phone: +44 (0) 161 209 3939