Sample pentester report
A visual preview of how our certified pentester communicates risk: validated findings, severity, practical impact, evidence, and remediation guidance.
Executive Summary
The assessment identified multiple issues requiring remediation.
Testing focused on externally exposed services and application behavior. Findings were validated to reduce false positives and prioritized based on practical attacker impact.
Critical: 1
High: 1
Medium: 1
Low: 1
Risk Score
Validated Findings
Findings prioritized by real-world risk
Access Control Weakness Identified
An authorization flaw allowed a request carrying a low-privileged user token to retrieve administrative data, bypassing the intended access controls.
Impact
Potential unauthorized access to protected resources.
Remediation
Review authorization checks, enforce server-side validation, and test access control paths before release.
Evidence Preview
Example Evidence
GET /admin/users HTTP/1.1
Host: app.example.com
Authorization: Bearer low-priv-user-token

HTTP/1.1 200 OK
{ "role": "admin", "email": "user@example.com", "access": "granted" }
Reference Data
Validation Notes
Finding was reviewed and validated to confirm practical impact before being included in the report.
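The weakness above is an authorization gap, not an authentication one: the token proves who the caller is, but the handler never decides whether that caller may see /admin/users. The following is an added example, not SecureProbe's code or the tested application's. It reproduces the behaviour in the evidence in a minimal handler, places it beside a fixed handler that makes the role decision server-side, and runs both through a small access-control matrix of the kind the remediation asks to be tested before release. The token store, route table, role ranks and the "admin-token-constructed" token are assumptions made so the example runs offline.

```python
import secrets
from typing import Dict, List, Optional, Tuple

# Constructed token store: opaque bearer token -> principal. A real service would
# verify a signed token or look up a session; these values exist only so the
# example runs offline. "low-priv-user-token" is the token from the evidence.
TOKENS: Dict[str, Dict[str, str]] = {
    "low-priv-user-token": {"sub": "user@example.com", "role": "user"},
    "admin-token-constructed": {"sub": "ops@example.com", "role": "admin"},
}

# Hypothetical route table: each route names the minimum role it requires.
ROUTE_ROLES: Dict[str, str] = {
    "/admin/users": "admin",
    "/api/v1/profile": "user",
}
ROLE_RANK = {"user": 1, "admin": 2}


def authenticate(headers: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Authentication only: map the bearer token to a principal, or None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        return None
    for known, principal in TOKENS.items():
        if secrets.compare_digest(known.encode(), token.encode()):  # constant-time
            return principal
    return None


def handle_vulnerable(path: str, headers: Dict[str, str]) -> Tuple[int, Dict[str, str]]:
    """Reproduces the weakness in the evidence: the handler proves the caller is
    *someone* but never checks *who*, so any valid token reaches /admin/users."""
    principal = authenticate(headers)
    if principal is None:
        return 401, {"error": "unauthorized"}
    if path == "/admin/users":
        # Authorization step missing: admin data is returned to a "user" principal.
        return 200, {"role": "admin", "email": principal["sub"], "access": "granted"}
    return 404, {"error": "not found"}


def handle_fixed(path: str, headers: Dict[str, str]) -> Tuple[int, Dict[str, str]]:
    """Same flow with a server-side authorization decision before any data access."""
    principal = authenticate(headers)
    if principal is None:
        return 401, {"error": "unauthorized"}
    required = ROUTE_ROLES.get(path)
    if required is None:
        return 404, {"error": "not found"}
    if ROLE_RANK[principal["role"]] < ROLE_RANK[required]:
        return 403, {"error": "forbidden"}  # deny by default, decided on the server
    return 200, {"role": principal["role"], "email": principal["sub"], "access": "granted"}


# Pre-release access-control matrix: (token, path, expected status). Every row
# encodes an intended control, including the negative cases.
EXPECTED_ACCESS: List[Tuple[Optional[str], str, int]] = [
    ("low-priv-user-token", "/admin/users", 403),
    ("admin-token-constructed", "/admin/users", 200),
    (None, "/admin/users", 401),
    ("low-priv-user-token", "/api/v1/profile", 200),
]


def check_access_paths(handler) -> List[Tuple[Optional[str], str, int, int]]:
    """Run the matrix against a handler; returns (token, path, expected, actual) per failure."""
    failures = []
    for token, path, expected in EXPECTED_ACCESS:
        headers = {"Authorization": f"Bearer {token}"} if token else {}
        actual, _ = handler(path, headers)
        if actual != expected:
            failures.append((token, path, expected, actual))
    return failures


if __name__ == "__main__":
    print("vulnerable:", check_access_paths(handle_vulnerable))  # two rows fail
    print("fixed:", check_access_paths(handle_fixed))            # []
```

The matrix is the part worth keeping in CI: the vulnerable handler passes the "admin token gets 200" and "no token gets 401" rows, which is why a test suite with only positive cases never catches this class of bug. The low-privilege row is the one that encodes the control.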
Exposed Administrative Interface
An administrative login portal was publicly accessible and did not enforce additional access restrictions.
Impact
Increased risk of brute force attempts, credential attacks, and unauthorized administrative access.
Remediation
Restrict administrative access to an IP allowlist or VPN, front the portal with SSO and MFA, and apply conditional access controls.
Evidence Preview
Example Evidence
GET /admin/login HTTP/1.1
Host: admin.example.com

HTTP/1.1 200 OK
<title>Admin Portal</title>
<form action="/admin/login" method="post">
Reference Data
Validation Notes
Finding was reviewed and validated to confirm practical impact before being included in the report.
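The IP or VPN restriction in the remediation is usually enforced at the edge in front of the portal, and the common way to get it wrong is to trust X-Forwarded-For from any peer, which lets an outside client spoof an allowlisted address. The block below is an added example, not SecureProbe's code or the target's real configuration; the allowlist, the trusted proxy address and the request cases are constructed. It shows the gate decision with that proxy caveat handled.

```python
import ipaddress
from typing import Mapping

# Constructed policy: a VPN egress range, an office range, and the single reverse
# proxy that fronts the admin portal. Illustrative values, not the target's own.
ADMIN_ALLOWLIST = [
    ipaddress.ip_network("10.8.0.0/16"),
    ipaddress.ip_network("203.0.113.0/24"),
]
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]


def _in_any(nets, addr) -> bool:
    return any(addr in net for net in nets)


def effective_client_ip(remote_addr: str, headers: Mapping[str, str]):
    """Resolve the client address. X-Forwarded-For is honoured only when the TCP
    peer is one of our own proxies; otherwise the header is attacker-controlled."""
    peer = ipaddress.ip_address(remote_addr)
    if not _in_any(TRUSTED_PROXIES, peer):
        return peer
    xff = headers.get("X-Forwarded-For", "")
    if not xff:
        return peer
    # With one trusted hop, the rightmost entry is the one our proxy appended;
    # anything to its left arrived in the request and cannot be trusted.
    candidate = xff.split(",")[-1].strip()
    try:
        return ipaddress.ip_address(candidate)
    except ValueError:
        return peer  # malformed header: fall back to the peer, never allow by default


def admin_portal_gate(path: str, remote_addr: str, headers: Mapping[str, str]) -> int:
    """Status the edge returns before the application ever sees the request.
    Non-admin paths pass through; admin paths require an allowlisted client."""
    if not path.startswith("/admin"):
        return 200
    client = effective_client_ip(remote_addr, headers)
    if _in_any(ADMIN_ALLOWLIST, client):
        return 200
    # 404 rather than 403: an internet client learns nothing about whether
    # the portal exists. Either is acceptable as long as the body is generic.
    return 404


if __name__ == "__main__":
    print(admin_portal_gate("/admin/login", "198.51.100.7", {}))                     # 404
    print(admin_portal_gate("/admin/login", "10.8.0.5", {}))                         # 200
    print(admin_portal_gate("/admin/login", "198.51.100.7",
                            {"X-Forwarded-For": "10.8.0.5"}))                        # 404, spoof ignored
```

This gate is the network-layer half of the remediation only; SSO and MFA on the portal itself still apply, because allowlisted networks (VPN, office) contain compromised hosts too.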
Security Header Misconfiguration
Several HTTP security headers were missing or not configured consistently across application responses.
Impact
Increased exposure to browser-based attacks such as clickjacking or content injection.
Remediation
Apply a consistent security header baseline across all application routes and validate in staging.
Evidence Preview
Example Evidence
GET / HTTP/1.1
Host: www.example.com
Authorization: Bearer low-priv-user-token

HTTP/1.1 200 OK
Missing: Content-Security-Policy, X-Frame-Options, Referrer-Policy
Reference Data
Validation Notes
Finding was reviewed and validated to confirm practical impact before being included in the report.
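The point of the finding is consistency as much as presence: a route that sets headers and a route that does not are two different security postures for the same origin. The following added example (not SecureProbe's tooling) parses raw HTTP/1.1 responses, audits each against a baseline, and shows a fill-in-the-gaps middleware beside it. The baseline covers the three headers named in the evidence plus X-Content-Type-Options and Strict-Transport-Security, which is an added assumption about a reasonable baseline rather than the report's own; the two raw responses are constructed.

```python
from typing import Dict, List, Optional, Tuple

# Baseline: header -> tuple of acceptable leading values, or None meaning
# "must be present, any value". Extends the three headers in the evidence with
# two a practitioner would normally add (assumption, not the report's list).
SECURITY_HEADER_BASELINE: Dict[str, Optional[Tuple[str, ...]]] = {
    "Content-Security-Policy": None,
    "X-Frame-Options": ("DENY", "SAMEORIGIN"),
    "Referrer-Policy": ("no-referrer", "same-origin", "strict-origin",
                        "strict-origin-when-cross-origin"),
    "X-Content-Type-Options": ("nosniff",),
    "Strict-Transport-Security": None,
}

# Values a middleware layer applies when a route omits a header entirely.
BASELINE_DEFAULTS: Dict[str, str] = {
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "X-Content-Type-Options": "nosniff",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
}

# Constructed raw responses standing in for two routes on www.example.com.
RAW_ROOT = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Server: nginx\r\n"
    "\r\n"
    "<html><body>home</body></html>"
)
RAW_LOGIN = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Content-Security-Policy: default-src 'self'\r\n"
    "X-Frame-Options: ALLOWALL\r\n"
    "Referrer-Policy: no-referrer\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "\r\n"
    "<html><body>login</body></html>"
)


def parse_response_headers(raw: str) -> Dict[str, str]:
    """Raw HTTP/1.1 response -> {lowercase header name: value}; body is ignored."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers: Dict[str, str] = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if name:
            headers[name.strip().lower()] = value.strip()
    return headers


def audit_headers(headers: Dict[str, str]) -> List[str]:
    """Compare one response against the baseline; returns a list of deviations."""
    problems: List[str] = []
    for name, allowed in SECURITY_HEADER_BASELINE.items():
        value = headers.get(name.lower())
        if value is None:
            problems.append(f"missing: {name}")
        elif allowed is not None:
            directive = value.split(";")[0].strip().lower()
            if directive not in {a.lower() for a in allowed}:
                problems.append(f"weak: {name}={value}")
    return problems


def audit_routes(responses: Dict[str, str]) -> Dict[str, List[str]]:
    """Audit several routes at once; a consistent baseline means every list is empty."""
    return {route: audit_headers(parse_response_headers(raw))
            for route, raw in responses.items()}


def apply_baseline(headers: Dict[str, str]) -> Dict[str, str]:
    """What a fill-in middleware does: add missing headers, but deliberately leave
    values a route already sets, so a weak explicit value survives and must be
    caught by audit_headers in staging."""
    out = dict(headers)
    for name, value in BASELINE_DEFAULTS.items():
        out.setdefault(name.lower(), value)
    return out


if __name__ == "__main__":
    for route, problems in audit_routes({"/": RAW_ROOT, "/login": RAW_LOGIN}).items():
        print(route, problems)
```

Run the audit against every route in staging, not just the home page: in the constructed data the login route has every header but a permissive X-Frame-Options, and a middleware that only fills gaps leaves that in place.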
Verbose Error Handling
Application responses disclosed unnecessary technical detail that could assist reconnaissance.
Impact
Gives an attacker insight into application behavior and backend technology; here the response reveals a .NET SQL client exception and the controller method that raised it.
Remediation
Return generic user-facing errors while logging detailed errors internally.
Evidence Preview
Example Evidence
GET /api/v1/customer?id=test HTTP/1.1
Host: api.example.com
Authorization: Bearer low-priv-user-token

HTTP/1.1 500 Internal Server Error
StackTrace: System.Data.SqlClient.SqlException at CustomerController.GetCustomer()
Reference Data
Validation Notes
Finding was reviewed and validated to confirm practical impact before being included in the report.
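The remediation has two halves that are easy to implement separately and forget to join: a generic message outward and full detail inward, linked by an identifier so support can find the internal record from the user's report. The block below is an added example, not code from SecureProbe or the tested API. It reproduces the leak from the evidence in one handler, the remediated form in another, and includes the crude body check a tester uses to confirm nothing technical comes back. The backend function, the SqlException stand-in and the in-memory log sink are constructed.

```python
import json
import logging
import traceback
import uuid
from io import StringIO
from typing import Dict, Tuple

# In-memory log sink so the example runs offline (constructed); a real service
# ships this to its log pipeline instead.
LOG_BUFFER = StringIO()
_logger = logging.getLogger("example.errors")
_logger.setLevel(logging.ERROR)
_logger.propagate = False
_handler = logging.StreamHandler(LOG_BUFFER)
_handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
_logger.addHandler(_handler)


class SqlException(Exception):
    """Stand-in for the database driver error seen in the evidence (constructed)."""


def get_customer_from_db(customer_id: str) -> Dict[str, object]:
    """Hypothetical backend: a non-numeric id (like ?id=test) fails inside the driver."""
    if not customer_id.isdigit():
        raise SqlException(
            f"Conversion failed when converting the nvarchar value '{customer_id}' to data type int."
        )
    return {"id": int(customer_id), "name": "Example Customer"}


def get_customer_verbose(customer_id: str) -> Tuple[int, str]:
    """Mirrors the finding: driver message and stack trace are sent to the caller."""
    try:
        return 200, json.dumps(get_customer_from_db(customer_id))
    except Exception as exc:  # deliberately broad to show the leak
        return 500, json.dumps({"error": str(exc), "stackTrace": traceback.format_exc()})


def get_customer_safe(customer_id: str) -> Tuple[int, str]:
    """Remediated form: generic message outward, full detail inward under an
    incident id that support can search the logs for."""
    try:
        return 200, json.dumps(get_customer_from_db(customer_id))
    except Exception:
        incident_id = uuid.uuid4().hex[:12]
        _logger.error(
            "incident=%s route=/api/v1/customer id=%r\n%s",
            incident_id, customer_id, traceback.format_exc(),
        )
        return 500, json.dumps({"error": "An internal error occurred.",
                                "incident_id": incident_id})


# Strings that should never appear in a client-facing body (tester's quick check).
LEAK_MARKERS = ("Exception", "Traceback", "StackTrace", "stackTrace",
                "SqlClient", "nvarchar", ".py")


def leaks_internal_detail(body: str) -> bool:
    """Does a response body carry driver, framework or stack-trace residue?"""
    return any(marker in body for marker in LEAK_MARKERS)


if __name__ == "__main__":
    print(get_customer_verbose("test"))  # 500 with trace in the body
    print(get_customer_safe("test"))     # 500 with only a generic message and id
    print(LOG_BUFFER.getvalue())         # the trace, keyed by the same id
```

The marker list is intentionally blunt; it is a regression check for the retest, not a classifier. The real control is that the only dynamic value in the outward body is the incident id, so there is nothing for reconnaissance to read.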
Retesting
Findings can be retested after remediation.
Once remediation is complete, SecureProbe can validate whether the issue has been resolved and provide updated status for closure.
$ secureprobe retest --finding SP-001
[+] Reviewing remediation evidence...
[+] Revalidating affected endpoint...
[+] Access control bypass no longer reproducible
status: remediated