This article outlines the main factors that impact the effort and cost of the reporting phase of a penetration test engagement.
Our standard penetration test report follows a proven formula that includes:
- Executive Summary
- Narrative or Activity Log
- Findings, including summary, steps to reproduce, and recommendations
- Strategic Guidance (if applicable)
To better understand this deliverable, you may download our sample report. Our main goal with this document structure is to provide high-quality, actionable information.
Minor variations in the report format won't significantly change the overall effort for the reporting phase of a penetration test. However, the following factors can make a difference, so be sure to raise them during scoping:
1. Complex Engagements
Building the report for an engagement that is unusually large or involves unusual complexities takes noticeably more effort than for a typically sized penetration test. Some examples include:
- Testing extensive network ranges
- Testing a large number of applications simultaneously
- Complex penetration tests with many parts, such as combining network, physical, and application testing all at once
- Testing specialized or unique devices
2. Splitting the Report
There may be circumstances where splitting the test findings into more than one report is desirable. For example, if we are testing several web applications simultaneously and you prefer a separate report for each application, the reporting effort increases. We can usually accommodate some report splitting without increasing the cost, but each additional report adds a small amount of effort.
3. Special Reporting Requirements
Your circumstances may require specialized reporting that does not fit the standard report format. For example, you may have unique requirements defined by internal governance or third-party regulatory obligations. We are happy to accommodate any special requirements, provided they are clearly defined while scoping the work.
Some examples of special reporting requirements include:
- Comparative analysis against past reports
- Specific formats that differ from our standard
- Scorecard-style analysis of your adherence to a particular framework
- Formal Presentation: we offer a report read-out with your team that allows you to ask questions and gain a better understanding of the details in the report. Upon request, we can also give a formal presentation of the report to your board of directors or executive team. This may increase the cost depending on the requirements.