Process overview
As your pentest campaign is coming to an end, it is the time to generate an audit report to share its conclusions. This report is particularly useful to communicate to key internal stakeholders or externally for compliance purposes.
The standard process for generating an audit report is the following:
Designate the Pentest lead who is able to generate the Audit Report
ℹ️ You must be a Business Unit Owner or a Business Unit Manager to designate the Pentest lead.
Customize your audit report (logo, rules, goals, findings summary)
Stop the pentest campaign
Generate and validate your audit report
Step 1: Designate a Pentest Lead
⚠️The audit report can only be generated by the Pentest Lead.
Go to the “Admin panel”
Choose a Pentest program
Click on “Audit reports” on the left-side menu
Click on “Designate Pentest lead”
Assign a member as Pentest Lead
ℹ️ As a BU Owner, BU Manager or Program Manager, if you want to generate the audit report, you must assign yourself as the Pentest Lead.
Click on “Designate”
A Pentest Lead is now designated and will be the only person authorized to generate the audit report
💡 You can designate a Pentest Lead at any time, even after the program has been stopped.
Step 2: Generate a Draft Report
At the end of the pentest campaign, you will be able to get an audit report generated by the Pentest lead. You may also generate a non-definitive draft report in the meantime.
Go to the pentest program of your choice
Click on “Audit reports” in the left-side menu
Click on “Generate an audit report”
Choose a start and an end date (only when certification is disabled)
Define an “Author”, write the “Description and goals” and the “synthesis of findings”. This information will be included in the audit report
Enable or disable visibility for pentesters
Click on “Generate draft”
Update your draft as many times as needed until the pentest is closed, and download it if you need to share the document internally.
Step 3: Customise your audit Report (optional)
Click on “Customise audit report”
Add logos, a header, and a footer to your audit report
Click on “Save”
Step 4: Stop your campaign
Choose a program in Admin panel
Click on “Home” in the left-side menu
Click on “Pause Pentest”
Write a message to explain why the pentest campaign needs to be stopped
Click on “Stop pentest”
When the Pentest has been stopped, a banner will appear on your program to guide you to generate the audit report.
Step 5: Validate your audit report
ℹ️ You will be able to generate an audit report once your pentest has been stopped.
Click “Validate” in the actions column on the right
Choose a start and end date (only when certification is disabled)
Fill in, verify ,and modify each field
Click on “Generate audit report” only when your content is finalized
Click on “Confirm”
⚠️ After this step, your audit report will be generated and can no longer be modified.
Your audit report is now generated!
Click on the “Download” icon on the right to save it to your own files
Your audit report describes the goals of the campaign, scopes, methodology, involved pentesters, and all submitted reports
ℹ️ Once the audit report is generated, the pentest campaign status changes from “Stopped” to “Not Started.” Use this campaign to launch a new pentest with the same scope.
Centralize your documents in YesWeHack platform
💡Use case
You have additional documents related to an ongoing pentest campaign (the audit report of the pentest provider, an internal presentation of the security test results, etc.) and you want to easily retrieve these documents.
The YesWeHack platform enables you to create a documentary base by uploading up to 10 .pdf files per campaign. This way, you can access the full history.
Click on “Upload Custom Report” to add up to 10 custom report files
Select a .pdf custom report from your own documents
View all your uploaded files in the dedicated section
Upload or delete each custom report if needed
ℹ️ These custom reports won’t be integrated into your audit report.
