Penetration Test

Post-report Activities

POST-REPORT DELIVERY ACTIVITIES
  • Delivering the report isn't the end
    • There is more work to do
    • Delivering may include presenting the report
  • Post-report delivery activities - clean up any changes you made
    • Remove all of these:
      • Shells
      • Tester-created credentials
      • Tools
    • Clean up history
    • Leaving artifacts can weaken the client
  • Client acceptance
    • Formal cessation of project activities and acceptance of deliverable
    • The client formally says "You're done."
    • Client should sign a statement of acceptance
  • Lessons learned
    • Crucial step in project closure
    • Helps to continuously improve
  • Follow-up actions/retest
    • Client may need more actions based on findings
    • Be careful to avoid extending the project scope here without a change process
  • Attestation of findings
    • Independent review and assurance of findings (i.e., third party)
QUICK REVIEW
  • Remove all test activity artifacts
  • Get formal client acceptance
  • Conduct "lessons learned" sessions with the client and capture the findings
  • Follow up on client add-on requests
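
One way to verify the cleanup step before asking for client acceptance, as an added example that is not part of the original notes: it checks a per-engagement manifest of tester-created artifacts (shells, tools, credentials) and reports anything still present. The manifest layout, host names, file names and the pt_tester account are all hypothetical.

```python
import os
import tempfile
from dataclasses import dataclass

FILE_KINDS = {"shell", "tool"}   # artifacts that live on disk

@dataclass(frozen=True)
class Artifact:
    kind: str   # "shell", "tool" or "credential"
    host: str   # host the tester changed
    ref: str    # file path, or account name for a credential

def local_accounts():
    """Account names on this host (POSIX only)."""
    import pwd
    return {entry.pw_name for entry in pwd.getpwall()}

def leftovers(manifest, host, accounts, exists=os.path.exists):
    """Return the manifest entries for `host` that are still present."""
    remaining = []
    for art in manifest:
        if art.host != host:
            continue
        if art.kind == "credential":
            present = art.ref in accounts
        elif art.kind in FILE_KINDS:
            present = exists(art.ref)
        else:
            raise ValueError(f"unknown artifact kind: {art.kind!r}")
        if present:
            remaining.append(art)
    return remaining

def demo():
    """Constructed scenario: one tool was removed, a shell and an account were not."""
    with tempfile.TemporaryDirectory() as root:
        shell = os.path.join(root, "upload.php")
        tool = os.path.join(root, "scanner.bin")
        for path in (shell, tool):
            open(path, "w").close()
        manifest = [
            Artifact("shell", "web01", shell),
            Artifact("tool", "web01", tool),
            Artifact("credential", "web01", "pt_tester"),
            Artifact("tool", "db01", "/tmp/other-host-tool"),  # other host, skipped
        ]
        os.remove(tool)                                # cleanup caught this one
        accounts = {"root", "www-data", "pt_tester"}   # constructed account list
        found = leftovers(manifest, "web01", accounts)
        return [(a.kind, os.path.basename(a.ref)) for a in found]
```

On a real host, pass local_accounts() as the account set; an empty result from leftovers() is the evidence to attach to the statement of acceptance.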
Original article: https://www.cnblogs.com/keepmoving1113/p/14152072.html