
5. Penetration Reports


Penetration testing (or “pen testing”) is the practice of simulating attacks on a system or application to uncover security weaknesses. Engagements are usually classified by how much the tester knows in advance:

    1. Black Box: The tester has no prior knowledge of the system.
    2. White Box: The tester has detailed knowledge of the system (e.g., source code, architecture, credentials).
    3. Gray Box: Some knowledge is provided (e.g., user-level credentials or documentation), but not full.

Use Cases
  • Black Box Testing

External testers find a login vulnerability. The team patches the issue and retests for confirmation.

  • White Box Testing

Full system knowledge reveals code injection risks. Developers implement code fixes and resolve the report.

  • Gray Box Testing

Limited access tests expose endpoint vulnerabilities. Engineers secure the endpoints and log retesting results.

  • Retesting After Fixes

Vulnerabilities are fixed after the penetration test. Follow-up tests are then run to confirm that each fix holds and that no new issues were introduced.

Pen testers document discovered vulnerabilities and exploitation paths. In the system, you log each test (or each portion of a test) as a Penetration Report, noting the Name and any steps or results in the Description. Security teams typically use it to confirm that known vulnerabilities are patched and that no new ones have appeared.

Table View
  • Total: (top-left) shows how many penetration reports exist.

  • Search… quickly filters by any term in the Name or Description.

  • + Add (top-right) opens the “Add penetration report” form.

Column          Details
Name ⇅          Title of the test (e.g. “Denial of Service,” “Open Redirect”). Clicking the link opens full details.
Description     One-line summary of what was tested or discovered.
Project         Link to the related project or environment.
Created at ⇅    Date and time when the report was logged.
Actions         ✏️ Edit

There’s no built-in delete option for penetration reports—entries are archived by editing or by policy.

Adding a Penetration Report


1. Click + Add.

2. In Add penetration report:


  • Name: Enter a clear title for the engagement.
  • Description: Summarize the scope and key findings.
  • Project: Select the associated project.

3. Click Save. Your new report appears in the table.

Editing a Penetration Report
  • Click the ✏️ icon under Actions.
  • In the Edit penetration report panel, update the Name, Description, or Project.
  • Click Save to apply changes.
Typical Workflow

1. Pen Test Execution

A security team or external vendor runs the tests (e.g., vulnerability scans, manual exploitation, or stress tests against specific endpoints).

2. Report Logging


Each test campaign is logged with a Name (e.g., the campaign or its date) and a Description of what was tested and which vulnerabilities were discovered (e.g., “SQL injection found in search endpoint”).

Additional details (e.g., recommended fixes or references to CVE entries) can be recorded in the Description as needed.

3. Review and Remediation

Security engineers review the findings, assign them to the development or ops teams, and track the fixes.

4. Retest and Close-out

Once remediated, the tests are rerun and the report is updated to reflect the final status (which findings were confirmed fixed and which remain open).
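The following Python model, added here as an illustration and not the system's own code or API, mirrors the workflow above: a report with Name, Description and Project, a Total count, a Search over Name and Description, Edit but no Delete, and a retest step that updates the report's final status. The class and method names, and the “[open] …” / “[fixed] …” convention for finding lines inside the Description, are assumptions made for this example.

```python
"""Minimal Penetration Report log (added example; names and the
'[status] finding' line convention are assumptions, not the product's API)."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional

STATUSES = ("open", "fixed")


@dataclass
class PenetrationReport:
    name: str
    description: str
    project: str
    created_at: datetime = field(default_factory=lambda: datetime.now(timezone.utc))

    def findings(self) -> Dict[str, str]:
        """Parse '[open] text' / '[fixed] text' lines out of the Description.
        Other lines (scope notes, retest notes) are ignored here."""
        result: Dict[str, str] = {}
        for line in self.description.splitlines():
            line = line.strip()
            if line.startswith("[") and "]" in line:
                status, _, text = line[1:].partition("]")
                status, text = status.strip().lower(), text.strip()
                if status in STATUSES and text:
                    result[text] = status
        return result

    def open_findings(self) -> List[str]:
        return [f for f, s in self.findings().items() if s == "open"]


class ReportLog:
    """Table-view behaviour: Total, Search, Add, Edit. No delete method on purpose."""

    def __init__(self) -> None:
        self._reports: List[PenetrationReport] = []

    def add(self, name: str, description: str, project: str) -> PenetrationReport:
        if not name.strip():
            raise ValueError("Name is required")
        report = PenetrationReport(name.strip(), description, project)
        self._reports.append(report)
        return report

    def total(self) -> int:
        return len(self._reports)

    def search(self, term: str) -> List[PenetrationReport]:
        # Assumed semantics: case-insensitive substring match on Name or Description.
        t = term.lower()
        return [r for r in self._reports
                if t in r.name.lower() or t in r.description.lower()]

    def edit(self, report: PenetrationReport, *, name: Optional[str] = None,
             description: Optional[str] = None,
             project: Optional[str] = None) -> PenetrationReport:
        if name is not None:
            report.name = name
        if description is not None:
            report.description = description
        if project is not None:
            report.project = project
        return report

    def record_retest(self, report: PenetrationReport, fixed: List[str]) -> PenetrationReport:
        """Mark retested findings as fixed and append a dated retest note.
        Non-finding lines in the Description are preserved unchanged."""
        known = report.findings()
        unknown = [f for f in fixed if f not in known]
        if unknown:
            raise ValueError(f"Not in report: {unknown}")
        new_lines = []
        for line in report.description.splitlines():
            s = line.strip()
            if s.startswith("[") and "]" in s:
                status, _, text = s[1:].partition("]")
                if status.strip().lower() in STATUSES and text.strip() in fixed:
                    line = f"[fixed] {text.strip()}"
            new_lines.append(line)
        report.description = "\n".join(new_lines)
        stamp = datetime.now(timezone.utc).strftime("%Y-%m-%d")
        still_open = len(report.open_findings())
        report.description += f"\nRetested {stamp}: {still_open} finding(s) still open"
        return report
```

Because the report is updated in place rather than deleted and re-created, the original findings stay visible next to their final status, which is what a reviewer needs when confirming that a fix was actually verified.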