The Future of Penetration Test Reporting

30 Aug 2019 by Conor O'Neill Conor O'Neill

The traditional pen-test is dead

Clients are sick of the old-school model of being charged an extra day for a pen-tester to create a drawn-out PDF. They are sick of the waiting too - a week or two weeks is simply too long for agile teams to wait to find out about issues.

The format is broken

Old school pdf pen-test reports have either far too much or too far little detail, depending on who is reading them a CEO or a CIO.

However, with OnSecurity all findings are reported securely online so it's much easier for users to filter the information and decide for themselves the level of detail they need to see.

Management can see top-line actions, while developers and security teams can drill down into the technical detail.

penetration test report executive summary
penetration test report

Real Security requires Real-time reporting.

Waiting 3 weeks for a test to start and 2 weeks after the test has finished to receive the results isn't good enough anymore. The fact is, most vulnerabilities found during a pen-test can be shared within hours, not weeks.

Our testers report their findings in real time when the information is fresh, evidence is available and the tester motivated.

Online reporting changes the dynamic

Developers can now speak to testers directly via Slack clarifying issues and remediation advice. This allows them to fix issues as we find them and have them retested for free within the testing window.

Book your demo today

To talk to us about the future of penetration test reporting or to book a demo contact:

About The Author

Conor O'Neill

Conor O'Neill - OnSecurity Head Of Product

Conor is a co-Founder and Head of Product at OnSecurity. Conor has over a decade of IT security experience, and has been heavily involved with startups over the past few years