Writing Reports: The Overlooked Pen Testing Skill | Pen Test HackFest Summit 2021

Published: 13 January 2022
on channel: SANS Offensive Operations

People are always excited to learn how they can penetrate networks to find vulnerabilities. But what good is finding vulnerabilities if your client doesn't understand or care about your findings? I offer my unusual perspective to this talk. Yes, I understand pen testing as a trade. I cowrote The Pen Tester Blueprint and I run Hack The Box's blog. But frankly, my professional focus has always been communicating my ideas, especially to a business audience who only understands dollars and cents. In this talk, I will share (fictional for the sake of protecting sensitive information) examples of both well-written and poorly written pen tester reports. I will emphasize how to not only explain vulnerabilities effectively, but also how to make business people care about addressing vulnerabilities for the sake of protecting their bottom line. One of the hardest things about cybersecurity is getting "the suits" to allocate a decent security budget. Yes, I will compose a series of fictional pen tester reports for the sake of this talk.

Presenter: Kim Crawley, Blog Manager, Hack The Box
  / kim_crawley  

View upcoming Summits: http://www.sans.org/u/DuS
Download the presentation slides (SANS account required) at https://www.sans.org/u/1iaE
