Audit Reports


Both the procedures and the results of security audits are usually discussed in sufficient detail with the management and technical specialists of a client company or organisation and, upon request, illustrated presentations to all interested representatives are also provided. Nevertheless, the audit report remains the most obvious, straightforward, solid and legally significant outcome of the performed security assessment. Only the complete and correct drafting of the report can guarantee the necessary level of understanding of all uncovered issues, thus enabling timely elimination of the described problems in accordance with risk-based priorities.

Audit reports composed by the Aura team are highly detailed, cover both technical and management information security perspectives, and always contain the following elements and sections:

Report summary

The assessment outcome in brief, including an executive summary of findings written with the client company management in mind and supplemented by a list of key audit discoveries, as well as necessary tables and graphs.

Report interpretation

"The battlefield, tactics, signals and plans". This formal section outlines the audit background, purpose, scope, general methodologies and terminology used within the report. It provides a full description of the criteria used by our auditors to evaluate risks and judge potential attacker skills.

Network reconnaissance

"What the radars show". Apart from all information gathered about the assessed networks, systems and services, supplemented with schemes reflecting these findings, this section also covers miscellaneous issues that cannot be defined as vulnerabilities. While such problems do not present direct security threats, they cannot be ignored.

Vulnerabilities discovered

"The tactical goals reached". A technical description for every uncovered vulnerability is accompanied by detailed recommendations on its elimination and a brief assessment of its seriousness and all associated risks. In addition, the level of technical proficiency needed to abuse every security flaw found with a reasonable degree of success is estimated.

Conclusions

"The strategic analysis". This brief but absolutely vital section of the report is dedicated to the overall judgement of the security state of all assessed IT infrastructure and operational procedures. Potential attackers' approaches, methodologies and actions are analysed and predicted. On the basis of this forecast, well-informed advice covering risk mitigation priorities is provided. In addition, the Conclusions outline more general, non-technical, management-level countermeasures that should be applied in order to close all discovered gaps and prevent similar problems occurring in the future.

Appendices

The Appendices typically provide highly technical details for your IT specialists that won't comfortably fit into the rest of the audit report but can be helpful during hands-on flaw fixing. Such details may include scanning tools output, exploit or vulnerable code, scripts, unusual error messages, samples of captured network traffic, brief technical descriptions of relevant vulnerability classes, etc. Quite often, the Appendices also include illustrative examples of successful penetration, such as lists of cracked passwords, samples of retrieved confidential data, screenshots of temporarily modified websites and other proof-of-concept materials.

Our professionals are always available to explain and clarify to you and your IT personnel any technical data, statements, conclusions, provisions and recommendations within the report, as well as offer expert help in resolving all issues uncovered during the security assessment.
