# Pentest Reports

At the conclusion of every penetration testing engagement, the Catchify team delivers a comprehensive report summarizing the testing performed, the vulnerabilities discovered, and the recommended next steps. These reports are designed to be useful for both technical teams and executive stakeholders.

## What is Included in a Report

Each pentest report contains the following sections:

### Executive Summary

A high-level overview written for non-technical stakeholders such as CISOs, board members, and senior management. It covers:

* The scope and objectives of the engagement
* The overall security posture and risk level
* A summary of key findings by severity
* Strategic recommendations

### Methodology

A description of the testing approach used, including:

* The type of testing performed (black box, gray box, white box)
* The standards and frameworks followed (OWASP, PTES, NIST)
* The testing timeline

### Findings Summary

A table listing all findings with their severity, status, and the affected component. This provides a quick reference for tracking remediation progress.

### Detailed Findings

Each finding is documented with:

* Title and severity
* Description and business impact
* Detailed reproduction steps
* Evidence (screenshots and observations)
* Remediation recommendations

### Recommendations

A prioritized list of actions your organization should take, including both immediate fixes and longer-term security improvements.

<figure><img src="/files/9Eoi6a00b3Iv7vM4SEYM" alt="Sample pentest report showing executive summary and findings overview"><figcaption><p>A typical pentest report -- professional, detailed, and ready to share with leadership</p></figcaption></figure>

## Accessing Your Reports

To view and download your reports:

1. Navigate to **Projects** in the main menu
2. Click on the completed project
3. Go to the **Reports** tab
4. Click **Download PDF** to save the report to your computer

<figure><img src="/files/9Eoi6a00b3Iv7vM4SEYM" alt="Reports tab showing available report with download button"><figcaption><p>Download your report as a PDF from the project detail page</p></figcaption></figure>

{% hint style="info" %}
Reports become available after the testing engagement is complete and the Catchify team has finalized their review. You will receive a notification when your report is ready.
{% endhint %}

## Understanding Your Report

Here are some tips for getting the most out of your pentest report:

**For executive audiences:**

* Start with the Executive Summary for a big-picture understanding
* Focus on the severity distribution and risk rating
* Use the strategic recommendations section for planning

**For technical teams:**

* Go directly to the Detailed Findings section
* Use the reproduction steps to understand each issue
* Follow the remediation recommendations to fix vulnerabilities
* Reference the findings when requesting retests

**For compliance teams:**

* The report can serve as evidence of security testing for audits and certifications
* The methodology section documents the testing standards applied
* The findings and remediation sections demonstrate your organization's approach to risk management

<figure><img src="/files/anaG6vXSwM9y82cvPHae" alt="Detailed finding within a pentest report showing description, evidence, and recommendation"><figcaption><p>Each finding in the report includes everything your team needs to take action</p></figcaption></figure>

## Sharing Reports

Pentest reports often need to be shared with different stakeholders. Here are some recommendations:

* **Board and executive team** -- Share the Executive Summary section
* **Development team** -- Share the Detailed Findings and Recommendations sections
* **Compliance and audit** -- Share the full report as evidence of testing
* **Third-party clients** -- Share with caution. Discuss with your account manager about what level of detail is appropriate to share externally.

{% hint style="warning" %}
Pentest reports contain sensitive information about your organization's security vulnerabilities. Handle them with care and limit distribution to authorized personnel only.
{% endhint %}

## Requesting Additional Reports

If you need a customized version of your report (for example, an executive-only summary or a report filtered to specific findings), contact your account manager. The Catchify team can prepare tailored versions to meet your specific needs.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.catchify.sa/catchify-platform-documentation/penetration-testing/reports.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.