ogSec Consulting

Lots of news below! ogSec is thrilled to announce the release of our first batch of courses in the Code Review & Architecture Fundamentals series! Drawing on years of experience in reviewing complex web applications and SaaS solutions, this series is crafted for individuals looking to elevate their skills in app security testing and code review. Our initial set of courses provides the essential groundwork for preparing and conducting effective assessments.

Our report writing course is extremely comprehensive. It covers the entire pentesting lifecycle, from receiving a scope of work to writing the report and performing re-testing on what you’ve found. While we can confidently say that everyone will benefit from completing the entire course, as there are certainly lessons to be learned even for seasoned professionals, sometimes individuals or businesses prefer to focus on known problems first and address them promptly.

Something that has been commonly requested by students of our report writing course is an example of what the report would look like if following the contents of the course. While all the information to produce such an example is available in the course, I’ve put together a couple of structural templates for folks to either use during the exercises in the course, or as a starting point when developing their own report templates.

It’s been a few weeks since we launched our report writing training course “The Art of Report Writing” and since then we’ve had some great conversations with folks on their challenges around reporting and client communication. One conversation that stood out was around a client using a third-party developer for several products. When a testing team assessed each product over a year it became apparent that not only were the vulnerabilities similar from product to product, but many instances of the same vulnerability were also present, indicating a systemic issue with both the code and the development team’s practices.