The Future of Penetration Test Reporting

August 30, 2019

The Future of Penetration Test Reporting

The traditional pentest is dead

Clients are sick of the old-school model of being charged an extra day for a pen-tester to create a drawn-out PDF. They are sick of the waiting too - a week or two weeks is simply too long for agile teams to wait to find out about issues.

The format is broken

Old school pdf Pentest reports have either far too much or too far little detail, depending on who is reading them a CEO or a CIO.

However, with OnSecurity all findings are reported securely online so it's much easier for users to filter the information and decide for themselves the level of detail they need to see.

Management can see top-line actions, while developers and security teams can drill down into the technical detail.

A penetration test report executive summary

Real Security requires Real-time reporting.

Waiting 3 weeks for a test to start and 2 weeks after the test has finished to receive the results isn't good enough anymore. The fact is, most vulnerabilities found during a pen-test can be shared within hours, not weeks.

Our testers report their findings in real time when the information is fresh, evidence is available and the tester motivated.

Report showing security issues in real-time

Online reporting changes the dynamic

Developers can now speak to testers directly via Slack clarifying issues and remediation advice. This allows them to fix issues as we find them and have them retested for free within the testing window.

Clients chatting with pentestesters via Slack

Book your demo today

To talk to us about the future of penetration test reporting or to book a demo contact: Andy.Bryan@OnSecurity.co.uk


Conor O'Neill Pentester and OnSecurity CoFounder

About Conor O'Neill

Conor is our Co-Founder and Head of Product Strategy at OnSecurity. Conor has over a decade of IT security experience, and has held a number of impressive letters after his surname, including M.Sc, CRT, GCIH and CISSP.

Feel free to connect with him on LinkedIn or get in touch with us at OnSecurity to discuss how we can help your business get more insight from your security reporting.