Process overview
As your pentest campaign is coming to an end, it is the time to generate a final report to share its conclusions. This report is particularly useful to communicate to key internal stakeholders or externally for compliance purposes.
The standard process for generating a final pentest report is the following:
Designate the Pentest lead who is able to generate the Final Report
ℹ️ You must be a Business Unit Owner or a Business Unit Manager to designate the Pentest lead.
Customize your final report (logo, rules, goals, findings summary)
Stop the pentest campaign
Generate and validate your final report
Step 1: Designate a Pentest Lead
⚠️The final report can only be generated by the Pentest Lead.
Go to the “Admin panel”
Choose a Pentest program
Click on “Final reports” on the left-side menu
Click on “Designate Pentest lead”
Assign a member as Pentest Lead
ℹ️ As a BU Owner, BU Manager or Program Manager, if you want to generate the final report, you must assign yourself as the Pentest Lead.
Click on “Designate”
A Pentest Lead is now designated and will be the only person authorized to generate the final report
💡 You can designate a Pentest Lead at any time, even after the program has been stopped.
Step 2: Generate a Draft Report
At the end of the pentest campaign, you will be able to get a final report generated by the Pentest lead. You may also generate a non-definitive draft report in the meantime.
Go to the pentest program of your choice
Click on “Final reports” in the left-side menu
Click on “Generate draft report”
Define an “Author”, write the “Description and goals” and the “synthesis of findings”. This information will be included in the final report
Click on “Generate draft report”
Update your draft as many times as needed until the pentest is closed, and download it if you need to share the document internally.
Step 3: Customise your final Report (optional)
Click on “Customise final report”
Add logos, a header, and a footer to your final report
Click on “Save”
Step 4: Stop your campaign
Choose a program in Admin panel
Click on “Home” in the left-side menu
Click on “Pause Pentest”
Write a message to explain why the pentest campaign needs to be stopped
Click on “Stop pentest”
When the Pentest has been stopped, a banner will appear on your program to guide you to generate the final report.
Step 5: Validate your final report
ℹ️ You will be able to generate a final report once your pentest has been stopped.
Click on “Validate final report”
Fill in, verify ,and modify each field
Click on “Validate” only when your content is finalized
Click on “Confirm”
⚠️ After this step, your final report will be generated and can no longer be modified.
Your final pentest report is now generated!
Click on the “Download” icon on the right to save it to your own files
Your final pentest report describes the goals of the campaign, scopes, methodology, involved pentesters, and all submitted reports
ℹ️ Once the final report is generated, the pentest campaign status changes from “Stopped” to “Not Started.” Use this campaign to launch a new pentest with the same scope.
Centralize your documents in YesWeHack platform
💡Use case
You have additional documents related to an ongoing pentest campaign (the final report of the pentest provider, an internal presentation of the security test results, etc.) and you want to easily retrieve these documents.
The YesWeHack platform enables you to create a documentary base by uploading up to 10 .pdf files per campaign. This way, you can access the full history.
Click on “Upload Custom Report” to add up to 10 custom report files to your final report
Select a .pdf custom report from your own documents
Click on the icon on the right (“Custom reports”) to see all your uploaded files
Upload or delete each custom report if needed
ℹ️ These custom reports won’t be integrated into your final report.