Penetration Testing Analysis with Standardized Report Generation

Penetration testing is a mirrored cyber-attack defined for identifying vulnerabilities and flaws in a computer system/Network/Web application— the organization appoints experts to conduct the test and present the details for deeper interpretation. One of the critical components of securing the network is to perform penetration tests of the network and web applications. In this paper, the industry-known OWASP (Open Web Application Security Project) vulnerability tool and three vulnerable web applications in a lab setup are explored and presented with a detailed analysis. Further, three penetration test reports are selected, and comprehensive analysis and reports are generated from the proposed setup. After the observation, it's understood that there is a lack of standardization format of the penetration testing reports. Therefore, this paper presents a format that will cater to the understanding of domain knowledge experts, decision-making bodies, and board members of the top executives of an organization for making further decisions on improving the robustness of their network and web applications.