Finding vulnerabilities and exploits on a target is a lot of fun – writing up the findings … not so much. Although the customers have paid for a penetration test, what they really want is the final report, which outlines what is wrong and how it needs to be fixed. The customer doesn't get excited when the penetration test engineer finally obtains a root shell account at 3:00 a.m. on a Saturday morning after spending all day figuring out what offset is needed to make a buffer overflow work. The customers gets excited when they receive a report that goes beyond their expectation in detailing ...