Results and Reporting for CompTIA PenTest+
Reporting everything you've discovered to the client/target is imperative to finishing up your engagement. Learn what to include in your report, how to organize it, and how to present your findings in a professional manner.
What you'll learn
You have completed your penetration test. Congratulations! No time to relax, though, because the next step is to analyze the data you collected and create reports based on that data. Your reports need to include both information about the data you collected and recommended strategies to mitigate the vulnerabilities that you've identified.
In this course, Results and Reporting for CompTIA PenTest+, you will learn how to handle all the information you have collected from the target. First, you will explore how to make sure you have gathered all the data needed for your report. Once you understand this, you will have a better idea of how to organize and present the information that is valuable to the client. Next, you will learn how to develop different mitigation strategies to help the client gain better control over their vulnerabilities. Then, you will see how to write a report, how to categorize the data, and how to work with the client to determine their “risk appetite.” Finally, you will discover the cleanup tasks every security professional should run through so they don’t leave the client vulnerable to outside attacks. When you are finished with this course, you will have the skills and knowledge required of penetration testers to complete any engagement and make sense of all the issues you’ve encountered.
Table of contents
- Introduction 2m
- Suggested Solutions Regarding People 4m
- Suggested Solutions Regarding Processes 4m
- Suggested Solutions Regarding Technology 5m
- Categories of Findings 5m
- Category of Findings: End User Training 1m
- Category of Findings: Password Hashing and Encryption 2m
- Category of Findings: Multi-factor Authentication 2m
- Category of Findings: Input Sanitation 4m
- Category of Findings: Parameterized Queries 1m
- Category of Findings: System Hardening 3m
- Category of Findings: Mobile Device Management (MDM) 2m
- Category of Findings: Secure Software Development 2m
- Data Normalization 2m
- The Report Structure 5m
- Risk Appetite 2m
- Report Storage 4m
- Report Handling 1m
- Report Disposition 1m
- Post-engagement Clean up Tasks 3m
- Removal of Credentials 2m
- Removal of Shells and Other Tools 2m
- Client Acceptance 2m
- Attestation of Findings 2m
- Lessons Learned 2m
- Follow up Actions 2m