
How to present hacking / pentest findings to non-technicals?

Posted: Mon Nov 14, 2016 2:45 pm
by tremor77
Dilemma... you're banging away at pen-testing for a big client. Intranet, routers and WAPs, servers, cloud servers, cloud applications, websites, IoT devices, other random crap.

You've got all sorts of good data... open ports, CVEs, vulnerabilities, and generally interesting items that you think should be addressed, from "hey, your website is a 3 yr old version of WordPress" to "OMG, you've got plain text password authentication to your payroll system over an open wifi router that could easily be evil twinned."

The problem is, you need to present this data, and not to an IT person but rather, at a high level, to a business person who wants charts and graphs... pretty colors and literally 5 minutes of his time.

My question is, what do you use to present an articulate and detailed presentation for an accumulation of data collection for security and testing... but in a way that's simple and brief (obviously we can attach the gory details in whitepaper format later on for the IT people to look at). Any suggestions?

Re: How to present hacking / pentest findings to non-technicals?

Posted: Mon Nov 21, 2016 8:29 am
by limdis
Hey man, a little late responding so hopefully you can see this before you have to make your presentation.

I went through this just last week. We had to present the audit findings to our board, which is comprised of accountants who are also members of a large investment group. What you need to focus on is what they understand. In my case, it was money. I could have told them literally anything as long as the threat of damages was high enough and a cost-effective solution was viable and quick. We threw in some flash regarding damaging reputations with a handful of charts and it went pretty smoothly. You'll never get them to fully understand in the time you need. So get flashy, tell them how damages would apply to them if exploited and not so much the fine details. Leave that for the white paper.

Re: How to present hacking / pentest findings to non-technicals?

Posted: Fri Dec 06, 2019 4:45 am
by ronanroger
I really appreciate your post information. We know that hacking is an illegal thing. I am also using an Asus router for my internet connection. Recently I can't log in to the Asus router, and for that reason I could not get internet access. I could not understand whether the password was hacked or not, because I tried many possible processes but could not log in. If anyone has any solution, then suggest it to me.