The fun part of pentesting is the hacking, clearly. But the part that makes it a viable career is the reporting.
You can develop the most amazing exploit for the most surprising vulnerability, but if you can’t document it clearly for the people who need to fix it, then you’re just having fun.
Which is fine! Have fun!
But if you want to make a career out of it, you should spend as much effort on a useful report as you do on the actual testing.
I will show you some common mistakes I see in reports. Then I’ll show you simple things you can do to make your reports clear, useful, and brief.
You’ll see some before-and-after examples of a bad report made good, with clear explanations of what makes the difference.
Those things will be useful no matter what tools you use to create reports, but if we have time, we’ll look at a few Microsoft Word hacks that will save you time and improve consistency.