Master the art of writing clear, concise, and impactful pen test reports with this hands-on workshop designed to elevate your team’s reporting skills.
Introduction To The AC/DC Rules
The importance of Actionability, Correctness, Defensibility and Clarity
An easy-to-remember framework for self-checking that written work is of a high standard.
Thinking Clearly & Critically
How to ensure you don’t fool yourself
Less experienced testers can sometimes fail to get their point across effectively, meaning that important vulnerabilities are not properly documented, or that insignificant findings are overstated. We discuss strategies to avoid being caught out by false positives.
Separating Fact From Opinion
Handling The Truth
Knowing the difference between fact and opinion, when each is appropriate, and how far to go with opinions when writing up technical findings.
Understanding how subjective, objective and empirical truth can affect the credibility and impact of both the author and their report.
Creating Narrative
How to break down complex findings
For anything other than simple reports, testers need to learn how to chain together multiple issues, and clearly show how root causes contribute to a finding. We discuss real-world examples in the group.
The Management Summary & The Role of Context
Understand the client, understand the context
Here we discuss how business impact can be articulated by understanding the client’s own business in a little more detail. We apply this thinking and work on our own management summaries for real companies.
How To Perform QA
Quality, and constructive feedback
QA is vital in any pentest team's reporting workflow, and here we discuss the role of QA, and how the task of peer review should be approached. We examine how QA, if not done sympathetically, can be a negative experience for all parties.
Practical Exercise
Putting it all together
Using example findings, we focus on writing a management summary, technical findings and recommendations - and peer-review these against the AC/DC guidelines.