What is an executive summary in ethical hacking? Some of the essential points that you should take into consideration while writing an executive summary.

As the name suggests, an executive summary is the portion that is specifically addressed to executives such as the CEO or the CIO of the company.
The executive summary is the most essential part of a penetration testing report; a good executive summary can make all the difference between a good report and a bad one.
Since the executive summary is specifically written to address the nontechnical audience, you should make sure that it’s presented in such a way that it’s easily comprehensible. Following are some of the essential points that you should take into consideration while writing an executive summary.

1. Since executives are very busy, they have minimal time to invest in reading your reports. Therefore you should make sure that your executive summary is precise and to the point.
2. Your executive summary should start with defining the purpose of the engagement and how it was carried out. Things such as the scope should be defined but very precisely.
3. Next, you should explain the results of the penetration test and the findings.
4. Following this, you should discuss the overall weaknesses in general and the countermeasures that were not implemented that caused the vulnerability in the first place.
5. Next comes the analysis part; this is where you should write about the overall risk that was determined based upon our findings.
6. And, finally, you should write about to what extent the risk would decrease after addressing the issues and implementing the appropriate countermeasures.

The following is an example of an executive summary that we wrote for a customer. I would suggest you spend some time reviewing the essential points discussed and compare them with the executive summary that follows.

Comments

  1. This article is excellent. We got new ideas to improve our knowledge. It was mind-blowing. It makes me more interested in reading this type of article. Thanks for sharing.
