Reporting aspect of pen-testing

[TJ O'Grady <tjogrady () flyingwithouta net>]

Hi folks,

I am putting together a pen testing proposal as part of my final 
Master's project. If it's good enough, it will lead to a full pen test 
of a real network. This list has been very helpful with the technology 
background, but the part I am stuck on right now is the reporting 
piece. When a pen-test is complete, what do you include in the report? 
How do you structure the information for business contacts, I imagine 
raw data is often not helpful  in many cases. Any hints or tips would 
be greatly appreciated.

Thank you,
TJ


---------------------------------------------------------------------------
----------------------------------------------------------------------------