Reading your report
Your Pentesty report is designed to be readable by anyone, not just security experts. Here is what each section means.
Risk Score
A single number from 0 to 100 summarizing the overall security health of your app. Lower is better.
- 0–30: Good shape. Minor issues to address.
- 31–60: Some attention needed. Review high and critical findings.
- 61–100: Urgent. Critical vulnerabilities need immediate action.
Severity levels
- Critical: Fix today. These can be exploited immediately and cause serious damage.
- High: Fix this week. Significant risk that should be addressed before your next release.
- Medium: Fix this sprint. Real issues that reduce your overall security posture.
- Low: Track it. Worth fixing eventually but not an immediate threat.
CVSS Score
CVSS is an industry-standard scoring system from 0 to 10. Think of it as a grade for how dangerous a specific vulnerability is. A CVSS of 9.8 is critical; a CVSS of 2.1 is low risk. You don't need to calculate anything. Pentesty shows these scores automatically.
Executive Summary
A one-page plain-English summary of what was found. This is the section you share with investors, auditors, or enterprise clients who want proof of security without reading the technical details.
Remediation Plan
Step-by-step instructions for fixing each vulnerability, written for developers. Forward this section directly to your engineering team. Each item includes what the issue is, why it matters, and exactly how to fix it.
