• How To Create An Awesome Application Security Report


    If you want to excel as a pentester, it is not enough to be a highly technical security expert. You have to be able to produce high-quality reports that effectively communicate an application’s security state to a client. In this post, I go over some of the key components of an application security report and give you some writing tips to improve your main deliverable as a pentester.


  • How To Write An Application Security Finding


    Although most application security testers would prefer to spend their time hunting for the next cool finding, we all know that at some point we have to devote some time to writing up our work. You may have found a severe vulnerability in the application, but if you can’t effectively describe the issue to the client, they may not truly understand its impact or how to remediate it, and they may end up in a worse place than when you started.