The report is split into 2 sections: an Executive Summary and a Technical Report.
Executive Summary
High-level, non-technical overview of the overall risk assessment and findings
Confirmation of the pen testing plan and methodology
An overview of the security risks & business impact of the discovered threats
Technical Report
Description of steps taken during the assessment
Detailed report with description and evidence of the vulnerabilities identified, including their Common Vulnerability Scoring System (CVSS) score and priority for remediation.
Evidence and proof-of-concept information for target exploitation.
Detailed steps on how to remediate any vulnerabilities and a guide on how to prevent future cyber threats.
Additional details, such as penetration testing tools used during the assessment, experts involved, checklists etc.