
CREST Certified Penetration Test Sample Report

Not all Penetration Test Reports are created equal. Methodology can vary from supplier to supplier, but the essential element common to all Penetration Tests is the written report, key to guaranteeing the maximum value from the overall process. What should you look for in a Penetration Test Report? 

What to Look For In A Penetration Test Report

Providing a comprehensive review of your organisation's information security, Penetration Testing is a deep dive into your network, designed to discover areas of concern and highlight where improvements could be made in infrastructure, procedures and policies.

Although Penetration Testing methodology can vary from supplier to supplier, the essential element common to all Penetration Tests is the written report, key to guaranteeing the maximum value from the overall process.

When undergoing supplier selection, reviewing sample Penetration Test reports provides invaluable insight into:

  • Level of detail you’ll be able to expect
  • How accessible the language used will be for both technical and non-technical stakeholders
  • How the Penetration Testing process can subsequently help inform and guide cybersecurity improvements


What Should A Penetration Test Report Include?

Executive Summary

Focusing on the key findings from the testing process, this should be clear and concise, providing essential insight and high-level recommendations. It is particularly useful for non-technical business leaders.

Project Scope and Technical Approach

This section should cover the IP addresses and the type of attack used, the methodology (black, grey or white box), and the number of attempted exploits by type.

Results

A well-written report gives an account of each detected vulnerability, how it was detected, and how it could be exploited, rather than simply pasting in large sections of scanner output data. Remediation advice which is understandable and actionable is critical in ensuring the Penetration Testing process results in positive outputs, improving your organisation’s security.

Risk-based Scoring

By using a standardised scoring system, for example CVSS (Common Vulnerability Scoring System), threats and vulnerabilities can be ranked in order of criticality, to ensure resources are allocated accordingly.

Report Delivery

How will the report be delivered to you? Ensure basic requirements are met, i.e. the report is delivered in an encrypted format. You may also require that the report is presented to key stakeholders in person, which can be discussed at the scoping stage of the process.

Sample Penetration Testing Report

Chess are certified by CREST, an international not-for-profit accreditation and certification body that represents and supports the technical information security market.

Download Chess’s Penetration Test Sample Report for a comprehensive view of the Chess methodology and Penetration Testing approach, or contact us on 0330 107 7860.

About the author

Chess


Chess is one of the UK’s leading independent and trusted technology service providers, employing 300 skilled people across the UK, supporting over 20,000 organisations.

By leveraging world-class technology, Chess helps you to connect your people, protect your data, grow your business, reduce your costs and work better together, which means your business, your people and your customers can thrive.

At Chess, we’re passionate about our unique culture and our continuous investment in our people to be industry experts. We’re extremely proud that our people voted us No.1 in ‘The Sunday Times 100 Best Companies to Work for’ list 2018, and we continue to celebrate more than ten years in the top 100.
