The final piece of the puzzle that you need to create is your engagement report or, as it’s more commonly referred to in the industry, your deliverable. In this chapter, I go over all the components that make up a solid pentest deliverable. There are eight of them, and I explain the purpose of each section and what it should contain. Appendix D is an example of a complete standalone INTP deliverable, which I would present to Capsulecorp if it had been a real company that hired me to perform a pentest engagement. You can and should feel free to use this example report as a template or framework when creating your own deliverables.
After you’ve produced a few, you’ll start to come up with your own style and adjust things to your liking. I don’t bother covering the style or look and feel of a deliverable because that’s completely up to the company you work for and their corporate branding guidelines. It’s important to point out that a pentest deliverable is the work product of an individual company that sells pentesting services. For that reason, deliverables differ in size, structure, color, fonts, charts and graphs, and so on from company to company.