How To Write A Pentest Report That Gets Your Findings Fixed
- Published 31 Jan 2025
- LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍
📚 If you want to learn bug bounty hunting from me: bugbounty.naha...
💻 If you want to practice some of my free labs and challenges: app.hackinghub.io
💵 FREE $200 DigitalOcean Credit:
m.do.co/c/3236...
🔗 LINKS:
📖 MY FAVORITE BOOKS:
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities - amzn.to/3Re8Pa2
Hacking APIs: Breaking Web Application Programming Interfaces - amzn.to/45g4bOr
Black Hat GraphQL: Attacking Next Generation APIs - amzn.to/455F9l3
🍿 WATCH NEXT:
If I Started Bug Bounty Hunting in 2024, I'd Do this - • If I Started Bug Bount...
2023 How to Bug Bounty - • How to Bug Bounty in 2023
Bug Bounty Hunting Full Time - youtu.be/watch...
Hacking An Online Casino - youtu.be/watch...
WebApp Pentesting/Hacking Roadmap - youtu.be/watch...
MY OTHER SOCIALS:
🌍 My website - www.nahamsec.com/
👨💻 My free labs - app.hackinghub...
🐦 Twitter - / nahamsec
📸 Instagram - / nahamsec
👨💻 Linkedin - / nahamsec
WHO AM I?
If we haven't met before, hey 👋! I'm Ben, most people online know me as NahamSec. I'm a hacker turned content creator. Through my videos on this channel, I share my experience as a top hacker and bug bounty hunter to help you become a better and more efficient hacker.
FYI: Some of the links I have in the description are affiliate links that I get a percentage from.
Big THANK YOU to our sponsor PlexTrac for making this video happen! 👉🏼 plextrac.com
Here's a copy of my Pentest Report template for free! 🆓 hhub.io/5xALMdSPve
📚 If you want to learn bug bounty hunting from me: bugbounty.nahamsec.training
This is great advice. I work at a Fortune 100 company on an in-house pentesting team, and we use a standardized template for these, with automation to help us fill them out. The template is very similar to what you showed here, but you actually provide a bit more in certain areas, such as the overall Recommendations section in the Executive Summary rather than just on each finding. Unfortunately, many bug bounty reports are lacking in impact information which is a reason organizations often prefer pentesting. In addition, I recommend providing a CVSS score and links to relevant CWEs for each finding.
Very helpful great video, thank you for sharing. Love your content
NahamSec a wonderful compilation of information, interview tomorrow, and this will help. Thank you!
Cannot wait to see you at UNSW
Does this also work for bug reports?
Thanks sir
Thank you for this great information and the template. I'm new to pen testing. Could I use cherrytree to create my reports?
Thank you very much Sir, you're saving my life!!!!
Happy to help
finally bro i needed this ...😅
🫡
Where to buy that shirt you wore? Really cool t-shirt 😅
hi, I’m new to bug bounty and want to focus on API pentesting. Is this a good choice, and are API vulnerabilities common? Or should I avoid focusing solely on this and instead study a bit of everything?
This video is informative and useful. Thank you for sharing the video.
Can a beginner take your course?
thanks bro
What if you don’t have a company?
You may use it for freelance projects. If you're not a freelancer either, then you don't need to make the report.
You can easily create a basic company name and register a Sole Proprietorship.
Hey copilot please read a bug/pentest report for
Neat one there man. I believe the key is to explain in the report like you are teaching it to a kid or someone who knows nothing about computers. And importantly, show the impact. Very good video man 🙏
Thanks for watching!!