Writing Powerful Pentest Reports
2022-06-18, 15:00–15:25, Track 2 (Moody Rm 101)

A penetration testing engagement involves many things, ranging from the initial recon phase to submitting the final deliverable at the end of it all, what is called the penetration testing report.

Often, the quality of this final deliverable gets ignored because of the heavy focus on identifying vulnerabilities. This talk will include the strategies that can be followed to write effective and powerful reports, do's and don'ts to be followed when crafting one penetration testing report.


A penetration testing report is a very important document that is read by people like the CISO, developer, manager and contains confidential information like critical vulnerabilities, test URLs etc. Some common mistakes while creating this penetration testing report are incorrect scope details, grammatical errors, not providing the methodology followed, leaking sensitive data like passwords etc.

This talk will include the following:
1. Why Penetration Testing Reports are important
2. Things to be included in the penetration testing report
3. Strategy to be followed for creating an effective Proof-of-Concept
4. How to avoid the common mistakes

Abhinav Khanna is an Information Security Professional, currently working as an Application Security Engineer at NotSoSecure | part of Claranet Cyber Security. He is an active bug bounty hunter & is a member of Synack Red Team as well. Apart from security, he likes playing Table Tennis.