Summary  
This chapter explains how to systematically gather and organize evidence—such as screenshots, logs, and code snippets—by capturing and formatting data outputs into clear, structured documentation.  

General domain of usage  
Penetration testing

## Documenting Findings

Properly recording vulnerabilities is one of the most important steps in a penetration test. When you document your findings clearly and accurately, you help organizations understand their security risks and take action to fix them. Good documentation ensures:

- All discovered vulnerabilities are tracked;
- Each issue is described in a way that anyone can understand;
- Evidence and details are included for verification;
- Remediation steps are suggested to help address the problems.

Accurate documentation is essential for both technical teams and decision-makers. It provides a clear record of what was found, why it matters, and how to improve security. By carefully documenting your findings, you support better communication, accountability, and long-term security improvements.

## Collecting Evidence During a Penetration Test

Collecting evidence is a critical part of a penetration test. You need to document every finding with clear, reliable proof. This helps organizations understand the risks and take action. Use these practical methods to gather strong evidence:

### Screenshots
- Capture images of important steps, such as when you access a restricted area or trigger a vulnerability;
- Highlight key details in the screenshot, like URLs, error messages, or user information;
- Use built-in screenshot tools or third-party software to save images securely.

**Example:**
If you bypass a login page, take a screenshot showing the restricted dashboard with your username visible.

### Logs
- Save relevant log files that show suspicious activity or successful exploits;
- Collect logs from applications, system events, or network devices;
- Make sure timestamps and source information are included for context.

**Example:**
Export a web server log that records your SQL injection attempt, showing the exact request and response codes.

### Code Snippets
- Copy and paste important pieces of code or script output that demonstrate vulnerabilities;
- Use clear formatting to show commands you entered and responses from the system;
- Redact any sensitive data before sharing the evidence.

**Example:**
Show the exact `curl` command you used to exploit an API and the resulting JSON response that reveals sensitive data.

Always organize your evidence clearly and securely. This ensures your findings are credible and easy for others to understand.

Which approach should you follow to ensure your penetration test findings are useful for the client?

A hands-on course guiding learners through the essentials of web application and API penetration testing, from foundational concepts to exploitation techniques and professional reporting. Includes real-world scenarios, practical tasks, and review questions to reinforce learning.

Covers the foundational knowledge required for web application and API penetration testing, including methodologies, ethics, and reconnaissance.

Focuses on identifying and exploiting common vulnerabilities in web applications and APIs through practical, hands-on tasks.

Covers the process of documenting findings, creating professional reports, and recommending remediation steps.