Your full report will include:
1. A cover sheet – This will include the overall purpose of the test, your plan, footprinting of the company, dates tests were performed, and document classification (who has access and how much). 2. An Executive Summary – one page maximum
3. Summary of vulnerabilities
4. Test Team Details – since you have completed this as an individual, this will be the details about you.
5. List of Tools Used 6. Copy of the original scope of work 7. Main body of the report that includes: (include graphics, graphs where possible to show results) details of all detected vulnerabilities and any attacks that are obvious how you detected the vulnerability clear technical expiations of how the vulnerability could be exploited, and the likelihood of exploitation. (DO NOT copy and paste jobs from vulnerability scanner output. This should be your own words and explanations.) detailed remediation advice – this should be the exact steps required to fix the issue 8. Risk Ranking/Profile – (see Pentest Standards at http://www.pentest-standard.org/index.php/Reporting 9. Distribute report to the client. Electronic distribution using public key cryptography is recommended but if symmetric encryption is used, a strong key must be used and must be transmitted out of band. DO NOT transmit the report unencrypted.