What's in a Pentest Report
Here’s what you can expect in a Pentest Report.
Pentest Reports
Get a summary of vulnerabilities in your software.
Download a pentest report to view security issues that pentesters found.
You can download a report for a pentest once it’s in Remediation. Report types and their contents differ for each pentest type.
To download a report as a PDF file:
- On the pentest page, navigate to Report.
- If available, select the report type.
- Select Download.
If you’ve purchased an appropriate PtaaS tier, you can customize the contents of some reports.
Pentest Report Types
| Report Type | Available for Pentest Type | Description | Customizable |
|---|---|---|---|
| Automated Report | Agile | A system-generated report for an Agile Pentest intended for internal use. Includes the following sections:
|
No |
| Customer Letter | Comprehensive, In-House | An executive summary of the pentest. May be used as a certificate of completion. Great for external stakeholders. Includes:
|
Yes |
| Attestation Report | Comprehensive, In-House | A report similar to Customer Letter, with additional details:
|
Yes |
| Attestation Letter | Comprehensive, In-House | A one-page report suitable for external stakeholders. Includes the following:
|
Yes |
| Full Report | Comprehensive, In-House | A report that contains comprehensive information about the pentest. Includes the following sections:
|
Yes |
| Full Report + Finding Details | Comprehensive, In-House | A report that adds details of every test finding to the Full Report. Finding details include:
|
Yes |
Note
We do not create multiple pentest reports for large assets. For example, if you want separate pentest reports for different APIs, set up different pentests for each API.Customize Your Pentest Report
You may be able to create a customized pentest report.
Co-branded Pentest Reports
Cobalt partners can add their logo to pentest reports.
Last modified February.02.2024