➡️ Sales phase
Before conducting a penetration test, legal agreements are established to define the relationship between the client and the security testing provider.
- Mutual Non-Disclosure Agreement (NDA)
  - Ensures confidentiality of sensitive information.
  - Prevents disclosure of client or tester details without consent.
- Master Service Agreement (MSA)
  - Defines overall business terms and conditions.
  - Covers liability, payment terms, and service responsibilities.
- Statement of Work (SOW)
  - Specifies the scope, objectives, and timeline of the penetration test.
  - Outlines deliverables, methodologies, and exclusions.
- Other Documents (sample reports, recommendation letters, etc.)
  - Provide clients with example reports for reference.
  - Include references or testimonials for credibility.
➡️ Before you test
Key agreements set the rules and expectations for how the penetration test will be conducted.
- Rules of Engagement (ROE)
  - Defines testing scope, authorized attack methods, and limitations.
  - Establishes acceptable testing hours, emergency contacts, and data handling rules.
  - Ensures compliance with legal and ethical guidelines to avoid unintended damage.
➡️ After you test
Once the penetration test is completed, findings and recommendations are documented.
- Findings report
  - Summarizes identified vulnerabilities and security gaps.
  - Provides risk assessments and prioritization of discovered threats.
  - Includes remediation recommendations to improve security.
These documents ensure legal protection, clear expectations, and structured reporting throughout the penetration testing lifecycle.
- Check TCM's video about Writing a Pentest Report, along with the provided sample reports.
Demo Company - Security Assessment Findings Report (sample)
- Clear & Structured: Well-organized with sections like Executive Summary, Findings, and Recommendations for easy navigation.
- Professional & Concise: Uses formal language, bullet points, and tables to present key information efficiently.
- Balanced Detail: Combines technical depth for IT teams with simplified summaries for executives.
- Actionable Insights: Findings are supported with evidence, and recommendations are clear, prioritized, and practical.
The report is well-written, easy to follow, and effective for both technical and non-technical audiences.
- Set goals for yourself and stay motivated.
- Avoid complacency - keep pushing forward.
- Apply for jobs even if you're unqualified - growth comes from challenges.
- Admit when you don’t know something - learning starts with humility.
- Prove yourself by showing dedication and effort.
- Be selective with job applications - apply only to roles that fit your long-term goals and criteria.
- Surround yourself with smarter people - growth comes from being challenged.
- Build a strong network - connections are key to success.