Blog
Sep 3, 2013
Penetration Test Report 2013
We are proud to release a new, updated, sample penetration test report. This report accurately reflects the types of assessments we conduct for our clients. It incorporates changes we have made over the last two years based on customer feedback, as well as reflecting many of the types of attacks we have found to be effective in multiple customer environments.
3 min read
Offsec Pentesting Report Updated
We are proud to release a newly updated sample penetration test report. This report accurately reflects the types of assessments we conduct for our clients, incorporating changes we have made over the last two years based on customer feedback, as well as reflecting many of the types of attacks we have found to be effective in multiple customer environments.
Our last publicly released penetration test sample report generated a lot of discussion on what should, and should not, be in a report. Blogs were inspired by it, universities have used it in classes as part of their courseware, and overall it has become the gold standard that other reports are compared to.
While a lot of that is flattering, there is something important to remember: Our penetration test reports are designed to convey information that is relevant for the type of penetration tests that we conduct. We strive to structure our penetration tests in a manner that accurately simulates the actions of a highly skilled malicious party conducting a targeted attack against your organization.
Many organizations will conduct assessments in support of audit or other compliance efforts. These assessments bring with them their own reporting requirements, which are not reflected in our example, simply because we do not conduct compliance-based assessments. We encourage everyone who wants to use this report as an example for their own work to think critically about what they are trying to communicate and how best to do it. Don’t just blindly copy this format, as the results won’t be what you are looking for.
Often times, our customers are organizations that have been through multiple rounds of assessments and are having trouble finding a vendor that is up to the challenge of a highly secured environment. The attack simulations that we conduct are highly customized to the targeted organization and many involve the discovery and development of 0-day attacks.
Our reporting format is designed with these customers in mind. We strive to provide a clear narrative that demonstrates how controls are bypassed in addition to direct recommendations on how to mitigate or prevent successful attacks. Give it a read, and see if its right for you.
What is a Pen Test?
Interested in learning more about our penetration testing services? We’re more than happy to discuss your pentesting needs. Contact Offsec today!
[/vc_column_text][/vc_column][/vc_row]
Cybersecurity leader resources
Sign up for the Secure Leader and get the latest info on industry trends, resources and best practices for security leaders every other week
Latest from OffSec
OffSec News
OffSec Yearly Recap 2024
Join us as we explore all our successes in 2024, including exciting new content, courses, and so much more!
Dec 23, 2024
8 min read
Enterprise Security
Red Team vs Blue Team in Cybersecurity
Learn what a red team and blue team in cybersecurity are, pros and cons of both, as well as how they work together.
Dec 13, 2024
13 min read
Enterprise Security
Building a Future-Ready Cybersecurity Workforce: The OffSec Approach to Talent Development
Learn all about our recent webinar “Building a Future-Ready Cyber Workforce: The OffSec Approach to Talent Development”.
Dec 13, 2024
4 min read