Technical Report Template
The full technical report for security teams and developers. Contains detailed findings, proof-of-concept code, and step-by-step remediation guidance.
Hackers Manifest - hackersmanifest.com
Report Structure
# PENETRATION TEST TECHNICAL REPORT

**Document Classification:** [Confidential / Internal Use Only]
**Version:** 1.0
**Client:** [Company Name]
**Assessment Period:** [Start Date] - [End Date]
**Report Date:** [Date]

---

## TABLE OF CONTENTS

1. Executive Summary
2. Scope and Methodology
3. Risk Rating Methodology
4. Summary of Findings
5. Detailed Findings
6. Appendices

---

## 1. EXECUTIVE SUMMARY

[Reference or include the Executive Summary document]

---

## 2. SCOPE AND METHODOLOGY

### 2.1 Engagement Scope

**In-Scope Assets:**

| Asset | Type | Description |
|-------|------|-------------|
| app.company.com | Web Application | Customer portal |
| api.company.com | API | REST API v2 |
| 10.0.0.0/24 | Network | Internal corporate network |

**Out-of-Scope:**

- Production database servers (read-only testing on staging)
- Third-party integrations
- Denial of Service testing

### 2.2 Testing Methodology

This assessment followed the [OWASP Testing Guide v4.2 / PTES / OSSTMM] methodology.

**Phases Completed:**

- [x] Reconnaissance and Information Gathering
- [x] Vulnerability Assessment
- [x] Exploitation
- [x] Post-Exploitation
- [x] Reporting

### 2.3 Tools Used

| Tool | Version | Purpose |
|------|---------|---------|
| Burp Suite Pro | 2024.x | Web application testing |
| Nmap | 7.94 | Network scanning |
| SQLMap | 1.8 | SQL injection testing |
| Nuclei | 3.x | Vulnerability scanning |

### 2.4 Testing Limitations

- [Any limitations encountered during testing]
- [Time constraints]
- [Access restrictions]

---

## 3. RISK RATING METHODOLOGY

Findings are rated using CVSS 3.1 combined with business context:

| Severity | CVSS Score | Description |
|----------|------------|-------------|
| Critical | 9.0 - 10.0 | Immediate exploitation possible, severe business impact |
| High | 7.0 - 8.9 | Significant risk, should be addressed urgently |
| Medium | 4.0 - 6.9 | Moderate risk, plan remediation |
| Low | 0.1 - 3.9 | Minor risk, address when convenient |
| Informational | N/A | Best practice recommendations |

---

## 4. SUMMARY OF FINDINGS

### 4.1 Findings by Severity

| Severity | Count |
|----------|-------|
| Critical | X |
| High | X |
| Medium | X |
| Low | X |
| Info | X |
| **Total** | **XX** |

### 4.2 Findings Overview

| ID | Title | Severity | CVSS | Status |
|----|-------|----------|------|--------|
| VLN-001 | SQL Injection in Login Form | Critical | 9.8 | Open |
| VLN-002 | Missing Security Headers | Medium | 5.3 | Open |
| ... | ... | ... | ... | ... |

---

## 5. DETAILED FINDINGS

[Repeat this section for each finding]

---

### VLN-001: SQL Injection in Login Form

**Severity:** Critical | **CVSS:** 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
**Affected Asset:** https://app.company.com/login
**OWASP Category:** A03:2021 - Injection

#### Description

A SQL injection vulnerability was identified in the login form's username parameter. This allows an unauthenticated attacker to bypass authentication, extract sensitive data from the database, or potentially execute commands on the underlying system.

#### Evidence

**Request:**

```http
POST /api/login HTTP/1.1
Host: app.company.com
Content-Type: application/json

{"username": "admin'--", "password": "anything"}
```

**Response:**

```http
HTTP/1.1 200 OK
Content-Type: application/json

{"status": "success", "user": "admin", "token": "eyJ..."}
```

**Screenshot:** [Insert screenshot showing successful bypass]

#### Impact

- Authentication bypass allowing access to any user account
- Full database access including customer PII
- Potential remote code execution via xp_cmdshell (MSSQL)

#### Remediation

**Immediate:**

1. Implement parameterized queries / prepared statements
2. Add input validation for username field

**Code Example (Before - Vulnerable):**

```python
query = f"SELECT * FROM users WHERE username = '{username}'"
cursor.execute(query)
```

**Code Example (After - Secure):**

```python
query = "SELECT * FROM users WHERE username = %s"
cursor.execute(query, (username,))
```

**Long-term:**

- Implement Web Application Firewall (WAF) rules
- Enable SQL query logging and alerting
- Conduct code review of all database queries

#### References

- OWASP SQL Injection: https://owasp.org/www-community/attacks/SQL_Injection
- CWE-89: https://cwe.mitre.org/data/definitions/89.html

---

## 6. APPENDICES

### Appendix A: Scan Results

[Nmap output, vulnerability scanner results]

### Appendix B: Screenshots

[Additional evidence screenshots]

### Appendix C: Remediation Priority Matrix

| Finding | Effort | Impact | Priority |
|---------|--------|--------|----------|
| VLN-001 | Low | Critical | 1 - Immediate |
| VLN-002 | Low | Medium | 2 - This Sprint |

### Appendix D: Retesting Information

Remediated findings should be verified through retesting. Contact [email] to schedule.

---

**END OF REPORT**
Key Sections Explained
Evidence Section
Always include reproducible evidence: HTTP requests/responses, screenshots, and command output. This proves the vulnerability exists and helps developers understand the issue.
Remediation Section
Provide specific, actionable fixes. Include code examples when possible. Separate immediate fixes from long-term improvements.
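A remediation code example is most useful when the developer can run it as a regression check. The following is an added example, not part of the original template: it replays the credentials from the VLN-001 evidence request against both query styles. The in-memory SQLite table, the `password_hash` column and the function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed in-memory table standing in for the application's users table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-hash-value')")
    return db

def login_vulnerable(db, username, password_hash):
    # Before: string formatting lets the input change the structure of the query.
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password_hash = '{password_hash}'")
    return db.execute(query).fetchone() is not None

def login_fixed(db, username, password_hash):
    # After: values are bound as parameters. sqlite3 uses ? placeholders where
    # the template's driver uses %s; the principle is identical.
    query = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return db.execute(query, (username, password_hash)).fetchone() is not None

def retest(login):
    """Replay the evidence request's credentials; True means still exploitable."""
    db = make_db()
    try:
        return login(db, "admin'--", "anything")
    finally:
        db.close()

def legitimate_login_still_works(login):
    """Confirm the fix does not break a login with correct credentials."""
    db = make_db()
    try:
        return login(db, "admin", "constructed-hash-value")
    finally:
        db.close()

if __name__ == "__main__":
    print("vulnerable query bypassed:", retest(login_vulnerable))
    print("fixed query bypassed:", retest(login_fixed))
    print("fixed query accepts valid login:", legitimate_login_still_works(login_fixed))
```

A check like this can be attached to the finding so that the retest in Appendix D has a pass/fail criterion agreed in advance.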
CVSS Scoring
Use CVSS 3.1 for consistent severity ratings. Include the vector string so readers can understand the scoring rationale. Adjust for business context if needed.