March 26, 2021

issue in a pentesting report


Hi Martin, I have a lot of high vulnerable components (js, jar, lib, etc.). Is it correct to place these in the same table with other high vulnerabilities such as weak token implementation, XSS, or weak password policy, for example?



How one goes about the visual presentation of their reports is generally specific to the company, with the goal of displaying the results in the least confusing way. However you organize it, your goal is to convey the information you have gathered in a digestible format for non-experts.

You may split them purely by Critical/High/Medium/Low, or you might separate different components into categories and subdivide below each, or you might split the report into something like public facing vulnerabilities vs. internal vulnerabilities.
