Black Box Web Application Audit
20 May 2018
The most important aspect of an audit is the scope. If the tester tests features that are out of scope, they could be subject to lawsuits and damage to the organization's reputation.
For this specific exercise, the target was a development environment, so HTTPS and weak passwords were out of scope.
The structure of the document is as follows:
- An executive summary of approximately one page, geared towards C-level executives, e.g. CEO, CTO, or COO.
- A detailed summary that describes the attack narrative and summarizes the results. This section should be about two or three pages and should be geared towards a project manager.
- A technical results section that summarizes each specific vulnerability found. This section should have a well-developed, standardized template that can be used for each vulnerability rather than writing out a full narrative.
Without further delay, you can read the PDF version at connor.rocks