Sample Report

Clear reporting for leadership and technical teams.

Omni Cyber reports explain business risk, technical evidence, affected assets, and practical remediation steps in one structured deliverable.

Penetration Test Report

Executive Summary

Client-ready preview

This sample illustrates how findings are summarised, prioritised, and linked to remediation guidance for both business and technical stakeholders.

Findings by severity: 1 Critical, 2 High, 2 Medium, 1 Low

Broken Access Control

Critical

Unauthorised access to restricted business data through predictable object references (an insecure direct object reference, or IDOR). Authenticated users could read records belonging to other accounts by changing a single identifier parameter in the request; the server fetched whatever identifier was supplied without checking who owned it.

Remediation

Implement server-side authorisation checks on every data access. Validate that the requesting user owns the requested resource before returning data.
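An added example of the check this remediation describes, written for this page rather than taken from Omni Cyber or any client code. It puts the lookup the finding describes next to a version that enforces ownership on the server. The record store, user ids and record ids are constructed for the demonstration; in a real application the same rule is applied by scoping the query, e.g. WHERE id = ? AND owner_id = ?, with the owner taken from the session.

```python
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class Record:
    record_id: int
    owner_id: int
    body: str


# Constructed sample data: two accounts, one record each. Sequential ids make
# the enumeration in the finding easy, but the fix below does not rely on
# making ids unguessable; it relies on checking ownership.
RECORDS: Dict[int, Record] = {
    101: Record(101, owner_id=1, body="statement for account 1"),
    102: Record(102, owner_id=2, body="statement for account 2"),
}


class NotFound(Exception):
    """Raised for both 'does not exist' and 'not yours', so the response does
    not tell the caller which ids are valid."""


def get_record_vulnerable(current_user_id: int, record_id: int) -> Optional[Record]:
    # The authenticated user's identity is never consulted: whatever id is in
    # the request is returned. Changing 101 to 102 reads another account's data.
    return RECORDS.get(record_id)


def get_record_secure(current_user_id: int, record_id: int) -> Record:
    # Ownership is checked on the server against the session's user id, not
    # against anything the client sent alongside the request.
    record = RECORDS.get(record_id)
    if record is None or record.owner_id != current_user_id:
        raise NotFound(record_id)
    return record


def can_read(current_user_id: int, record_id: int) -> bool:
    """The access decision the secure path makes, as a boolean."""
    try:
        get_record_secure(current_user_id, record_id)
        return True
    except NotFound:
        return False
```

Returning the same failure for a missing record and a foreign one matters: a distinct "forbidden" response would confirm which ids exist and hand the attacker an enumeration oracle even after the data leak is closed.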

Insecure File Upload

High

File upload validation relied only on client-side checks and file-extension filtering. Both the filename and the declared Content-Type header are supplied by the client, so an attacker could upload executable content by altering them in the request, potentially leading to remote code execution if the upload directory is served or executed by the application server.

Remediation

Validate file content server-side by checking magic bytes against an allowlist of permitted types, ignoring the client-supplied extension and Content-Type. Store uploads outside the web root under server-generated filenames and serve them via a controlled endpoint. Enforce size limits. Magic bytes alone do not defeat polyglot files (a valid image header followed by script), so re-encode images where possible and never execute content from the upload directory.
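An added example of the validation described above, not code from Omni Cyber or from the assessed application. The type allowlist, size limit and upload directory are assumptions chosen for the demonstration. The decision depends only on the bytes and the size; the declared Content-Type and original filename are kept solely for logging.

```python
import os
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

# Allowlist of accepted types keyed by their leading bytes, mapped to the
# extension the server will assign. Constructed for this example; extend as needed.
MAGIC_ALLOWLIST: Dict[bytes, str] = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpg",
    b"%PDF-": "pdf",
}
MAX_UPLOAD_BYTES = 5 * 1024 * 1024   # assumed limit


@dataclass
class UploadResult:
    accepted: bool
    reason: str = ""        # why the upload was rejected
    stored_name: str = ""   # server-assigned filename when accepted


def sniff_type(data: bytes) -> Optional[str]:
    """Identify the type from content alone; None if not on the allowlist."""
    for magic, ext in MAGIC_ALLOWLIST.items():
        if data.startswith(magic):
            return ext
    return None


def validate_upload(data: bytes, declared_content_type: str, original_name: str) -> UploadResult:
    """Decide purely on content and size. The Content-Type and original name
    are attacker-controlled and only appear in the rejection reason."""
    if not data:
        return UploadResult(False, "empty file")
    if len(data) > MAX_UPLOAD_BYTES:
        return UploadResult(False, "exceeds size limit")
    ext = sniff_type(data)
    if ext is None:
        return UploadResult(False, f"content not an allowed type "
                                   f"(declared {declared_content_type!r}, name {original_name!r})")
    # Server-generated name: no path separators, no double extensions, and the
    # extension comes from the sniffed type rather than from the client.
    return UploadResult(True, stored_name=f"{secrets.token_hex(16)}.{ext}")


def storage_path(upload_root: str, stored_name: str) -> Optional[str]:
    """Resolve a stored name inside a directory outside the web root; None if
    the result would escape that directory."""
    root = os.path.realpath(upload_root)
    path = os.path.realpath(os.path.join(root, stored_name))
    if os.path.commonpath([root, path]) != root:
        return None
    return path
```

When the controlled download endpoint serves a stored file, send X-Content-Type-Options: nosniff and Content-Disposition: attachment so browsers neither sniff nor render the content inline.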

Weak Session Management

High

Session tokens were not invalidated on logout and had no expiry enforced server-side. A stolen token remained valid indefinitely, allowing persistent unauthorised access after a user had signed out.

Remediation

Enforce server-side session expiry. Invalidate tokens immediately on logout. Rotate tokens after privilege changes such as login or role escalation.
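An added example of a server-side session table that implements the three controls above, written for this page and not taken from Omni Cyber or the assessed application. The timeouts are assumed values; the clock is injectable so expiry can be exercised without waiting.

```python
import secrets
import time
from typing import Callable, Dict, Optional

IDLE_TIMEOUT_SECONDS = 15 * 60        # assumed inactivity limit
ABSOLUTE_TIMEOUT_SECONDS = 8 * 3600   # assumed hard cap regardless of activity


class SessionStore:
    """Server-side session table. Expiry is decided here, never by the client."""

    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self._clock = clock            # injectable for testing expiry
        self._sessions: Dict[str, dict] = {}

    def create(self, user_id: int, role: str = "user") -> str:
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        now = self._clock()
        self._sessions[token] = {"user_id": user_id, "role": role,
                                 "created": now, "last_seen": now}
        return token

    def resolve(self, token: str) -> Optional[dict]:
        """Return the session for a token, or None if unknown or expired.
        Expired entries are deleted so a stolen token cannot be replayed later."""
        s = self._sessions.get(token)
        if s is None:
            return None
        now = self._clock()
        if (now - s["created"] > ABSOLUTE_TIMEOUT_SECONDS
                or now - s["last_seen"] > IDLE_TIMEOUT_SECONDS):
            del self._sessions[token]
            return None
        s["last_seen"] = now
        return s

    def logout(self, token: str) -> None:
        # Deleting the entry invalidates the token immediately, whatever the
        # client does with its copy of the cookie.
        self._sessions.pop(token, None)

    def rotate(self, token: str, **changes) -> Optional[str]:
        """Issue a fresh token after a privilege change (login, role change)
        and retire the old one, so a token captured before the change is useless."""
        s = self.resolve(token)
        if s is None:
            return None
        del self._sessions[token]
        s.update(changes)
        now = self._clock()
        s["created"] = now      # absolute timeout restarts at the privilege change
        s["last_seen"] = now
        new_token = secrets.token_urlsafe(32)
        self._sessions[new_token] = s
        return new_token
```

The token itself should travel in a cookie marked Secure, HttpOnly and SameSite; those flags limit how a token is stolen, while the store above limits what a stolen token is worth.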

Missing Security Headers

Medium

Content-Security-Policy, X-Frame-Options, and Referrer-Policy headers were absent across public-facing pages. This increases exposure to clickjacking, leakage of internal URLs to third parties via the Referer header, and script injection attacks, since nothing constrains where the page may be framed or which sources may execute script.

Remediation

Add a strict Content-Security-Policy that includes a frame-ancestors directive. Set X-Frame-Options to DENY (or SAMEORIGIN where the application legitimately frames its own pages) for browsers that predate frame-ancestors. Configure Referrer-Policy to strict-origin-when-cross-origin across all responses. Roll the CSP out in Content-Security-Policy-Report-Only mode first so that legitimate inline scripts and third-party sources are identified before enforcement.

Verbose Error Messages

Medium

Application error responses included stack traces, internal file paths, and framework version information. This provides an attacker with a detailed map of the application internals to assist further exploitation.

Remediation

Configure a generic error handler for all production environments. Log detailed errors server-side only. Return a minimal, user-friendly error response to clients.
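An added example of the generic error handler this remediation describes, written for this page and not code from Omni Cyber or the assessed application. It shows the leaking behaviour beside the hardened one: the full traceback is logged server-side under a reference id, and the client receives only that id and a fixed message. The in-memory log sink and the failing handler are constructed so the example runs offline.

```python
import logging
import traceback
import uuid
from typing import Any, Callable, Dict, List, Tuple

# Constructed in-memory log sink so the example is self-contained; in
# production this is the normal application log.
SERVER_LOG: List[str] = []


class _ListHandler(logging.Handler):
    def emit(self, record: logging.LogRecord) -> None:
        SERVER_LOG.append(self.format(record))


log = logging.getLogger("app.errors")
log.setLevel(logging.ERROR)
log.addHandler(_ListHandler())
log.propagate = False


def run_verbose(handler: Callable[[], Any]) -> Tuple[int, Dict[str, Any]]:
    """The behaviour in the finding: exception text and traceback go to the client."""
    try:
        return 200, {"data": handler()}
    except Exception as exc:
        return 500, {"error": str(exc), "trace": traceback.format_exc()}


def run_generic(handler: Callable[[], Any]) -> Tuple[int, Dict[str, Any]]:
    """Hardened: detail is logged server-side under a reference id; the client
    gets the id and a fixed message, nothing about paths, frames or versions."""
    try:
        return 200, {"data": handler()}
    except Exception:
        ref = uuid.uuid4().hex[:12]
        log.error("ref=%s\n%s", ref, traceback.format_exc())
        return 500, {"error": "An internal error occurred.", "reference": ref}


def failing_handler() -> Any:
    # Constructed failure embedding an internal path and a version string,
    # the kind of detail the finding saw leaking.
    raise RuntimeError("cannot open /srv/app/config/db.yaml (framework 4.2.1)")
```

The reference id is what support staff ask the user for; it lets the server-side record be found without any of it crossing the trust boundary.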

Information Disclosure

Low

HTTP response headers exposed the web server version and framework. Not directly exploitable on its own, but it reduces the effort required for targeted enumeration and lets an attacker match published vulnerabilities to the exact versions in use.

Remediation

Remove or suppress Server, X-Powered-By, and X-AspNet-Version headers. These headers provide no user benefit and should not be present in production.
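An added example covering both this finding and the Missing Security Headers finding above, written for this page and not code from Omni Cyber or the assessed application. audit_headers is the check a tester runs against a captured response; harden_headers is the corresponding fix applied at the framework or reverse-proxy layer. The header values and the sample response are assumptions, and X-Content-Type-Options goes slightly beyond the report's list because it is normally set with the others.

```python
from typing import Dict, List

# Values the remediation calls for. Tune the CSP to the application; this one
# assumes no inline scripts and no third-party origins.
REQUIRED_HEADERS: Dict[str, str] = {
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'; "
                               "object-src 'none'; base-uri 'self'",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "X-Content-Type-Options": "nosniff",
}

# Headers that advertise the stack and should not reach clients.
DISCLOSING_HEADERS = ("Server", "X-Powered-By", "X-AspNet-Version", "X-AspNetMvc-Version")


def audit_headers(headers: Dict[str, str]) -> List[str]:
    """One line per problem: required headers absent, disclosing ones present.
    Header names are compared case-insensitively, as HTTP requires."""
    present = {k.lower(): v for k, v in headers.items()}
    problems: List[str] = []
    for name in REQUIRED_HEADERS:
        if name.lower() not in present:
            problems.append(f"missing: {name}")
    for name in DISCLOSING_HEADERS:
        if name.lower() in present:
            problems.append(f"disclosed: {name}: {present[name.lower()]}")
    return problems


def harden_headers(headers: Dict[str, str]) -> Dict[str, str]:
    """Strip disclosing headers and add any required ones that are absent
    (an application's own value for a required header is left in place)."""
    drop = {n.lower() for n in DISCLOSING_HEADERS}
    out = {k: v for k, v in headers.items() if k.lower() not in drop}
    have = {k.lower() for k in out}
    for name, value in REQUIRED_HEADERS.items():
        if name.lower() not in have:
            out[name] = value
    return out


# Constructed response headers resembling what the two findings describe.
SAMPLE_RESPONSE_HEADERS: Dict[str, str] = {
    "Content-Type": "text/html; charset=utf-8",
    "Server": "nginx/1.18.0",
    "X-Powered-By": "Express",
}
```

Two caveats for the fix side: nginx's server_tokens off hides the version but still sends Server: nginx, so removing the header entirely needs a module or an upstream proxy; and Express stops sending X-Powered-By with app.disable('x-powered-by'), which is cheaper than stripping it afterwards.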

Remediation Plan

1. Confirm exposure
2. Prioritise fixes
3. Retest resolved issues

Want reporting like this?

Speak to Omni Cyber to discuss penetration testing and reporting requirements.

Request Assessment