
I’m a penetration tester myself, and what I’ve noticed is that on the client side, management wants high-level reports—like how many findings are open, and how many are high or medium severity. We do provide PDF reports of the pentest, but they always struggle to track the overall status of the findings.

So, I’ve been thinking about creating a web app tracker where they can see the impact, description, severity, and mitigation recommendations.

Also, not all penetration testing findings number in the hundreds or thousands, except for vulnerability assessments (VA). So, it might be better for a consultant to input this information for the client.


