ANALYZE AND REPORT | PENTEST EXTRA 07/2013 | TEASER

Dear PenTest Readers,

This time, we have decided to cover some topics which in our opinion don’t get enough attention in the community. Most of the testers focus on technical issues and they usually forget how important is it to have an elegant and informative style of writing. Their clients often struggle when it comes to fixing the newly discovered vulnerabilities mostly due to the testers’ poor communication skills. Almost everyone gets the most fun from conducting the complex attacks, but we cannot forget how important is it to properly present the results, so the outcome can be really valuable to the everyone involved.

In this issue, you will find many different ways of reporting. Some of them will be more complex and some of them will be as simple as they can be. As a reader, you have the wonderful possibility to check them all and choose the best option for yourself.

One would say: the whole publication about the reports? It is crazy, no one will read the entirety. Although we disagree with this saying, many of you might have the similar approach, so only first four articles will be devoted to the reporting. In the following sections, we will cover things such as vulnerability scanning, sockstress, wireless pentesting and even the recent PCI DSS changes.

Enjoy the reading!

★CONTENTS ★

200 OK on Audience | Writing An Effective Penetration Testing Report | Short And Straight To The Point | Reporting Tips & Tricks | Anatomy of a Vulnerability Scans before a Penetration Test | Analysing Vulnerability Scanning Report | A Denial of Service Primer via Sockstress | Black Hat Scenario – Compromising Domain Environment | Dreamwalker Software | PCI DSS v3.0: What You Need To Know | Basics of Wireless Penetration Testing