Ethical Hacking and Penetration Testing Guide

Remediation Report
Next up we have the remediation report, which contains the overall recommendations that, once implemented, would increase the security of the organization. This is specifically an area of interest for the management class, as they are the ones who enforce the security policies of an organization.
As mentioned earlier, these guys may or may not be technical; therefore our remediation report should be very precise and easy to understand. Things that could improve overall security, such as implementing an SDLC, a firewall, and an intrusion detection system, should be recommended. The following is an example of how a remediation report should look:
Vulnerability Assessment Summary
Next, we have the vulnerability assessment summary, sometimes referred to as the “findings summary.” This is where we present the findings from our engagement. Things such as the overall strengths and weaknesses and a risk assessment summary can also be included under this section.
“A picture speaks a thousand words” is a brilliant quotation that all of us remember from our childhood, don’t we? Behold, for now it’s time to see it put to actual use. It always helps to include charts in your report, which give the audience a better understanding of the vulnerabilities that were found. Security executives might be interested in this portion of the report, as they would need to enforce the countermeasures.


There are different ways of representing vulnerability assessment outputs in the form of graphical charts. Personally, I include two graphs; the first one classifies the vulnerability assessment on the basis of severity and the second one on percentage.

[Figure: two charts built from the same 14 findings. “Vulnerabilities by severity” (bar chart, y-axis 0 to 8) and “Percent of vulnerabilities by severity” (pie chart):

Severity    Count   Percent
Critical    0       0%
High        3       21%
Medium      4       29%
Low/Info    7       50%]
Next, I include a “vulnerabilities breakdown” chart, where I talk about the findings for a particular host followed by the number of vulnerabilities that were found.

Vulnerabilities breakdown

S #   IP Address        Hostname                            Critical   High   Medium   Low/Info
1     192.254.236.66    Services.rafayhackingarticles.net   0          7      14       3
2     192.254.236.67    Tools.rafayhackingarticles.net      0          4      6        2
Tabular Summary
A tabular summary is also a great way to present the findings of a vulnerability assessment to a 
customer. The following screenshot comes directly from the “NII Report” and summarizes the 
vulnerability assessment based upon the number of live hosts and also talks about the number of 
findings with high, moderate, or low risk.
Systems vulnerability assessment summary

Category                                          Description
Number of live hosts                              50
High, medium, and info severity vulnerabilities   14, 6, 9
Number of vulnerabilities                         29
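The three summaries described in this section (the counts and percentages behind the severity charts, the per-host “vulnerabilities breakdown” table, and the assessment summary table) are all aggregations over the same list of findings. The following Python script is an added example, not code from the book or from the “NII Report” it mentions; the findings list, the documentation-range host addresses and the four-level severity scale are constructed for illustration. It also handles one detail the charts gloss over: integer percentages on a pie chart must sum to exactly 100, which the script guarantees with largest-remainder rounding instead of plain rounding.

```python
"""Aggregate vulnerability findings into the summaries a report needs.

Constructed example: a list of findings, each with a host and a severity,
turned into (1) the counts/percentages behind a "vulnerabilities by
severity" chart, (2) the per-host "vulnerabilities breakdown" table and
(3) the "systems vulnerability assessment summary" figures.
"""
from collections import Counter

# Severity scale used throughout the report; the order is the display order.
SEVERITIES = ("Critical", "High", "Medium", "Low/Info")


def _mk(host, severity, n):
    """Build n constructed findings for one host at one severity."""
    return [{"host": host, "severity": severity} for _ in range(n)]


# Constructed sample findings (placeholder hosts from the 192.0.2.0/24
# documentation range, not from any real engagement). 14 findings in total.
FINDINGS = (
    _mk("192.0.2.10", "High", 1) + _mk("192.0.2.10", "Medium", 2) + _mk("192.0.2.10", "Low/Info", 3)
    + _mk("192.0.2.11", "High", 2) + _mk("192.0.2.11", "Medium", 2) + _mk("192.0.2.11", "Low/Info", 4)
)


def _validate(findings):
    """Reject severities outside the report's scale so nothing silently drops out of the charts."""
    for f in findings:
        if f["severity"] not in SEVERITIES:
            raise ValueError(f"unknown severity {f['severity']!r}; expected one of {SEVERITIES}")


def severity_counts(findings, host=None):
    """Count findings per severity (optionally for one host), always listing every severity, zeros included."""
    _validate(findings)
    counts = Counter(f["severity"] for f in findings if host is None or f["host"] == host)
    return {s: counts.get(s, 0) for s in SEVERITIES}


def severity_percentages(counts):
    """Integer percentages that sum to exactly 100 (largest-remainder rounding).

    Plain round() can produce 99% or 101% across the slices of a pie chart;
    here each slice gets its floor, and the leftover points go to the slices
    with the largest fractional remainders.
    """
    total = sum(counts.values())
    if total == 0:
        return {s: 0 for s in SEVERITIES}
    exact = {s: 100 * counts[s] / total for s in SEVERITIES}
    pct = {s: int(exact[s]) for s in SEVERITIES}  # floor, values are non-negative
    shortfall = 100 - sum(pct.values())
    for s in sorted(SEVERITIES, key=lambda s: exact[s] - pct[s], reverse=True)[:shortfall]:
        pct[s] += 1
    return pct


def breakdown_by_host(findings):
    """Rows for the 'vulnerabilities breakdown' table: (host, counts per severity), ordered by host."""
    hosts = sorted({f["host"] for f in findings})
    return [(host, severity_counts(findings, host=host)) for host in hosts]


def assessment_summary(findings):
    """The figures behind the 'systems vulnerability assessment summary' table."""
    counts = severity_counts(findings)
    return {
        "live_hosts": len({f["host"] for f in findings}),
        "by_severity": counts,
        "total": sum(counts.values()),
    }


def render_breakdown(findings):
    """Plain-text rendering of the breakdown table, with a running serial number per host."""
    header = f"{'S #':>3}  {'Host':<16}" + "".join(f"{s:>10}" for s in SEVERITIES)
    lines = [header]
    for serial, (host, counts) in enumerate(breakdown_by_host(findings), 1):
        lines.append(f"{serial:>3}  {host:<16}" + "".join(f"{counts[s]:>10}" for s in SEVERITIES))
    return "\n".join(lines)


if __name__ == "__main__":
    counts = severity_counts(FINDINGS)
    pct = severity_percentages(counts)
    for s in SEVERITIES:
        print(f"{s:<9} {counts[s]:>3}  {pct[s]:>3}%")
    print(render_breakdown(FINDINGS))
    print(assessment_summary(FINDINGS))
```

With the constructed 14 findings the script reproduces the split shown in the charts above (0 / 3 / 4 / 7, i.e. 0% / 21% / 29% / 50%); note that 21.4% and 28.6% round to 21% and 29% and the slices sum to 100 only because the remainder step adds the missing point to Medium.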


