D9 · PenTest+

What is pen test reporting?

A pen test report has two audiences: Executive (business risk context, risk ratings, strategic recommendations) and Technical (exact steps to reproduce, evidence, specific remediation guidance).
Each finding needs a description, a risk rating (CVSS or custom), evidence (screenshot/PoC), business impact, and specific remediation steps. Never leave a finding without remediation guidance. In the executive summary, lead with business impact, not technical details. Clients pay for the report, so make it excellent.