Penetration Test - Reporting_and_Communication(2)

Post-report Activities

POST-REPORT DELIVERY ACTIVITIES
  • Delivering the report isn't the end
    • There is more work to do
    • Delivering may include presenting the report
  • Post-report delivery activities - clean up any changes you made
    • Remove all of these:
      • Shells
      • Tester-created credentials
      • Tools
    • Clean up history
    • Leaving artifacts behind can weaken the client's security
  • Client acceptance
    • Formal cessation of project activities and acceptance of deliverable
    • The client formally says "You're done."
    • Client should sign a statement of acceptance
  • Lessons learned
    • Crucial step in project closure
    • Helps to continuously improve
  • Follow-up actions/retest
    • Client may need more actions based on findings
    • Be careful to avoid extending the project scope here without a change process
  • Attestation of findings
    • Independent review and assurance of findings (i.e., by a third party)
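
One way to verify the clean-up step above, as an added example that is not part of the original notes: reconcile the artifact log kept during the engagement against the host and list anything still present. The manifest format, paths, and account names are hypothetical and constructed for illustration.

```python
import os
import tempfile

# Constructed manifest: artifacts the tester logged creating during the engagement.
# Paths are relative to the target's filesystem root; all names are hypothetical.
SAMPLE_MANIFEST = [
    {"kind": "shell", "path": "var/www/html/uploads/t.php"},
    {"kind": "tool", "path": "tmp/enum.sh"},
    {"kind": "credential", "user": "pt_svc"},
    {"kind": "credential", "user": "pt_admin"},
    {"kind": "history", "path": "home/web/.bash_history", "marker": "enum.sh"},
]

def local_users(passwd_text):
    """Account names from passwd-format text (name:x:uid:...)."""
    return {line.split(":", 1)[0] for line in passwd_text.splitlines()
            if line.strip() and not line.startswith("#")}

def find_leftovers(manifest, root, passwd_text):
    """Return (kind, name) for every logged artifact still present on the host."""
    users = local_users(passwd_text)
    leftovers = []
    for item in manifest:
        kind = item["kind"]
        if kind in ("shell", "tool"):
            # lexists also catches dangling symlinks left behind
            if os.path.lexists(os.path.join(root, item["path"])):
                leftovers.append((kind, item["path"]))
        elif kind == "credential":
            if item["user"] in users:
                leftovers.append((kind, item["user"]))
        elif kind == "history":
            target = os.path.join(root, item["path"])
            if os.path.isfile(target):
                with open(target, errors="replace") as fh:
                    if item["marker"] in fh.read():
                        leftovers.append((kind, item["path"]))
        else:
            raise ValueError(f"unknown artifact kind: {kind}")
    return leftovers

def demo():
    """Build a constructed host tree where cleanup was only partly done."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "tmp"))
        open(os.path.join(root, "tmp", "enum.sh"), "w").close()  # tool left behind
        passwd = "root:x:0:0::/root:/bin/sh\npt_admin:x:1001:1001::/home/pt_admin:/bin/sh\n"
        return find_leftovers(SAMPLE_MANIFEST, root, passwd)

if __name__ == "__main__":
    for kind, name in demo():
        print(f"STILL PRESENT  {kind:<10} {name}")
```

An empty result is the evidence to attach before asking the client for formal acceptance; the check is only as complete as the artifact log kept during testing.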
QUICK REVIEW
  • Remove all test activity artifacts
  • Get formal client acceptance
  • Conduct "lessons learned" sessions with the client and capture the findings
  • Follow up on client add-on requests
posted @ 2020-12-17 21:33  晨风_Eric