How To Write A Pentest Report That Gets Your Findings Fixed

  • Published 31 Jan 2025
  • LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍
    📚 If you want to learn bug bounty hunting from me: bugbounty.naha...
    💻 If you want to practice some of my free labs and challenges: app.hackinghub.io
    💵 FREE $200 DigitalOcean Credit:
    m.do.co/c/3236...
    🔗 LINKS:
    📖 MY FAVORITE BOOKS:
    Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities - amzn.to/3Re8Pa2
    Hacking APIs: Breaking Web Application Programming Interfaces - amzn.to/45g4bOr
    Black Hat GraphQL: Attacking Next Generation APIs - amzn.to/455F9l3
    🍿 WATCH NEXT:
    If I Started Bug Bounty Hunting in 2024, I'd Do this - • If I Started Bug Bount...
    2023 How to Bug Bounty - • How to Bug Bounty in 2023
    Bug Bounty Hunting Full Time - youtu.be/watch...
    Hacking An Online Casino - youtu.be/watch...
    WebApp Pentesting/Hacking Roadmap - youtu.be/watch...
    MY OTHER SOCIALS:
    🌍 My website - www.nahamsec.com/
    👨‍💻 My free labs - app.hackinghub...
    🐦 Twitter - / nahamsec
    📸 Instagram - / nahamsec
    👨‍💻 Linkedin - / nahamsec
    WHO AM I?
    If we haven't met before, hey 👋! I'm Ben, most people online know me as NahamSec. I'm a hacker turned content creator. Through my videos on this channel, I share my experience as a top hacker and bug bounty hunter to help you become a better and more efficient hacker.
    FYI: Some of the links I have in the description are affiliate links that I get a percentage from.

COMMENTS

  • @NahamSec 2 months ago +3

    Big THANK YOU to our sponsor PlexTrac for making this video happen! 👉🏼 plextrac.com
    Here's a copy of my Pentest Report template for free! 🆓 hhub.io/5xALMdSPve
    📚 If you want to learn bug bounty hunting from me: bugbounty.nahamsec.training

  • @BinaryAdventure 1 month ago +1

    This is great advice. I work at a Fortune 100 company on an in-house pentesting team, and we use a standardized template for these, with automation to help us fill them out. The template is very similar to what you showed here, but you actually provide a bit more in certain areas, such as the overall Recommendations section in the Executive Summary rather than just on each finding. Unfortunately, many bug bounty reports are lacking in impact information which is a reason organizations often prefer pentesting. In addition, I recommend providing a CVSS score and links to relevant CWEs for each finding.

  • @GarryBable 1 month ago

    Very helpful great video, thank you for sharing. Love your content

  • @TJWilliams-27s 1 month ago

    NahamSec a wonderful compilation of information, interview tomorrow, and this will help. Thank you!

  • @tedelliot6666 1 month ago

    Cannot wait to see you at UNSW

  • @movies_to_serious 1 month ago +1

    Does this also work for bug reports?

  • @berthold9582 23 days ago

    Thanks sir

  • @miisscherrysofly 1 month ago

    Thank you for this great information and the template. I'm new to pen testing. Could I use cherrytree to create my reports?

  • @crasystuff2.035 2 months ago

    Thank you very much Sir, you're saving my life!!!!

  • @edwinrerimoi7823 2 months ago

    finally bro i needed this ...😅

  • @WaseemAkram-kx7tq 1 month ago

    Where to buy that shirt you wore? Really cool t-shirt 😅

  • @webuser0o1 1 month ago

    Hi, I’m new to bug bounty and want to focus on API pentesting. Is this a good choice, and are API vulnerabilities common? Or should I avoid focusing solely on this and instead study a bit of everything?

  • @Sandddesss 1 month ago

    This video is informative and useful. Thank you for sharing the video.

  • @diversifyfact7985 1 month ago

    Can a beginner take your course?

  • @skarthiLCE 2 months ago

    thanks bro

  • @alexsanzphoto 2 months ago +1

    What if you don’t have a company?

    • @the_sandman00 2 months ago

      You may use for freelance projects. If not a freelancer as well then you don’t need to make the report.

    • @BinaryAdventure 1 month ago

      You can easily create a basic company name and register a Sole Proprietorship.

  • @RmVsRmVsCg 1 month ago

    Hey copilot please read a bug/pentest report for

  • @latesthitstch9428 2 months ago +1

    Neat one there man. I believe the key is to explain in the report like you are teaching it to a kid or someone who knows nothing about computers. And importantly, show the impact. Very good video man 🙏

    • @NahamSec 2 months ago

      Thanks for watching!!

  • @law6zx7 2 months ago

    1