Congratulations, you have completed your examination of the Woeson Books information system infrastructure but you are not done with your job yet. A penetration test is only as good as the findings and recommendations communicated to the client. For your final assignment you are to produce a security assessment report. This would be an executive report for Woeson Books that communicates the status of Woeson Books security based on the systems you have tested through the course.
You should review and include findings and concerns from the previous weeks, for example consider:
– Week 1: Review your project plan for the test, summarize activities, scope, applicable laws, etc.
– Week 2: What vulnerabilities were discovered with the company database?
– Week 3: What did you learn from any network mapping you completed?
– Week 7: Did you have any concerns with the embedded systems?
– Week 8 & 9: What did your penetration test of the Woeson web site reveal?
– Week 10: Summarize and explain the wireless scan you ran on the Woeson access point. What is the impact of what you found? What are your recommendations?
Your report should follow the structure of the sample report attached to this assignment. Some examples are included in the report but you should update the generic data and complete according to your findings and recommendations. Your summary should be written with a summary for non-technical management with a security status (Excellent, Good, Poor, Bad), and top recommendations. The rest of the report should be more technical and aimed at technical staff. Use the appendix for any screen shots showing critical vulnerabilities and exploits. Use information from all the 11 previous weeks of this course.
Remember this is a professional report to a customer. Proper grammar, spelling, and good formatting is important. Finally, clear and concise is a must.
Complete the attached “Sample Pentest Report Format” document.
0 comments