I have been an ethical hacker for about 6 years but mainly operating out of Africa where PT is still being regarded as some sort of "black magic". Most of our clients are big financial institutions and conglomerates.
I have been a passive member of this forum for some time now and would like to share with you a VA/PT report framework that I came up with from my experience consulting in this field. I do not know how reports are structured in other parts of the world, but I do know that other than the engagement itself, the report serves to justify the derived value around these parts.
I have googled for sample reports but to say I came up short is a masterpiece of understatement. What I found were either too verbose and grandiose or downright narrow in scope, missing out salient but pertinent details in mostly audacious attempts at describing all the technical input and results. Detailed layout, logical flow and visual analysis are conspicuous only by their absence.
I have always believed that in order to get inside the mentality, first we have to jettison the PT myth. Furthermore I am also of the opinion that a VA/PT report should be as simple and clear as it is concise and should cut across all strata of audience not just the technically minded.
All these put together led me to put up what is the first draft of the Open Source Security Assessment Report (OSSAR v 0.5). This is something that will be updated as often as I can with new information. I will kindly request members to download it and give an objective opinion on the material. I am very much interested in what this community thinks. Comments (+ve or -ve), suggestions and modifications are welcomed.
This is a VA/PT report for a fictitious bank called eClipse Bank PLC carried out by another fictitious company Cynergi Solutions Inc. All names, URLs, IPs, etc. are fictitious. Some of the vulnerabilities discussed have actually occurred for real but I have replaced all the pesky details.
It can be downloaded here: http://uploading.com/files/E5MHOS2U/ossar_v0.5.pdf.html