Sample CREST Pen Test Reports / 2026

See exactly what your CREST report will look like, before you commit.

Three real, redacted reports from a recent UK engagement: one for your developers, one for your leadership team, and one for public distribution. No demo call. No sales follow-up sequence. Just the deliverable.

13 service categories · 3 reports per engagement · ~10-page redacted preview
Preview cards:
  • Tier 03 · Public Distributable: Web Application Pen Test (Sanitised · Co-brandable)
  • Tier 02 · Management Executive: Risk & Business Impact (For CISO · CTO · Audit)
  • Tier 01 · Technical For Developers: Web Application Pen Test (OWASP Top 10 · Manual exploitation)

Findings list as shown in the redacted preview (severity · CVSS · title):
  • CRIT · 9.8 · Auth bypass via
  • HIGH · 8.1 · IDOR
  • HIGH · 7.5 · SSRF in
  • MED · 5.3 · Rate-limit absent
  • LOW · 3.1 · Missing security headers
Step 1 · Pick your category

Which sample report do you want?

Each category ships with all three tiers (Technical, Management, Public). Click a category, then submit the form below and download instantly.

Step 2 · Your details


Fill in three fields and you’ll get the Technical, Management, and Public reports for the category you picked. Instant download, no email round-trip.

Instant download. No email round-trip.
Real findings. CVSS-scored, with remediation guidance.
No spam follow-ups. One submission, three PDFs, done.
Free · CREST · 2026 edition

Get the sample reports

Three fields. Reports unlock immediately.


GDPR · No 3rd-party trackers
What’s in the bundle

One engagement. Three audiences. Three reports.

Every EJN Labs engagement produces three distinct reports, each tuned to a specific reader. Hand the right one to the right team. No manual extraction.

Tier 01

Technical

For Developers

The full forensic record. Every finding with proof-of-concept request/response, CVSS 3.1 vector, exploitation chain, and a remediation block your engineers can action against the codebase.

  • HTTP request / response evidence + exploit chain
  • CVSS 3.1 base + temporal scoring
  • Code-level remediation (snippets where relevant)
  • OWASP / CWE / MITRE ATT&CK references
  • Reproduction steps for retest verification
Tier 02

Management

For Executives

Business risk in plain English. What was tested, what we found, what it means for the company, and how long it’ll take to fix. Designed to brief a CISO, CTO, or audit committee in 10 minutes.

  • Executive risk summary & heat map
  • Business-impact narrative per finding
  • Remediation timeline & effort estimate
  • Compliance mapping (ISO 27001, SOC 2, PCI DSS)
  • Trend comparison vs. previous engagements
Tier 03

Public

For Distribution

A safe-to-distribute proof of testing. Contains the methodology, scope, attestation, and severity counts, but no sensitive technical detail. Share it in an RFP response without a redaction round.

  • Scope, methodology & standards followed
  • Severity counts & remediation status
  • CREST attestation page (signed)
  • Zero PoC, zero technical detail. Fully sanitised.
  • Co-brandable on request
Inside the deliverable

Every report ships with six structured sections.

Whatever the category, every CREST engagement we run produces the same six-section structure. Here is what each section contains and which audience reads it.

01

Risk Summary & Executive Overview

A heat-map of every finding by severity, the business-context narrative behind each one, and a one-page version your CISO or audit committee can read in five minutes.

For: Management tier
02

Approach, Scope & Caveats

Exactly what was tested (and what was not), the methodology applied, the time-box, and any limitations identified during the engagement.

For: All tiers
03

Findings Summary with CVSS

Every issue scored on CVSS 3.1 base and temporal vectors, ranked by severity. Includes the affected assets list and a prioritised fix order.

For: All tiers
04

Technical Detail per Finding

HTTP request and response evidence, the exploitation chain walkthrough, proof-of-concept payloads, and reproduction steps for retest verification.

For: Technical tier
05

Remediation Guidance & Timelines

Code-level fixes where relevant, vendor patch references, secure configuration examples, and an effort estimate per finding.

For: Technical and Management tiers
06

Compliance Mapping

Findings cross-referenced against OWASP Top 10, CWE, MITRE ATT&CK, ISO 27001, SOC 2, and PCI DSS for direct insertion into your audit packs.

For: All tiers
A finding from the bundle

This is exactly what a finding looks like in the technical report.

Every issue we surface comes with this level of evidence: vector, scoring, reproduction steps, and remediation a developer can ship by end of sprint. No vague “consider hardening” language.

Redacted preview:

EJN-WAPT-2026-04-001 · Finding 01 of 27
Severity: Critical · OWASP A07:2021 · CWE-287 · Auth Bypass
Authentication bypass via JWT signature verification flaw on session refresh endpoint
CVSS 3.1: 9.8 / 10
Vector: AV:N/AC:L/PR:N
Exposure: Internet-facing
# PoC :: request
POST /api/v2/session/refresh HTTP/1.1
Host: 
Authorization: Bearer eyJhbGc

# Server accepts alg: none JWT and issues
# a fresh session for any user_id supplied.
Remediation summary: Pin the JWT verification algorithm to RS256 on the server side and reject any token whose alg header is not RS256, including alg: none. Effort: ~2h. Full remediation block in technical report.
FAQ

Questions before you download.

Anything else? Email the team.

Are these reports from a real engagement?

Yes. The bundle is a real engagement we delivered in April 2026, fully redacted. Names, IPs, hostnames, customer references, and any sensitive technical detail have been replaced. Severity counts, methodology, formatting, and remediation language are unchanged.

Why three reports per engagement?

Because three audiences need three things. Engineers need PoC + remediation. Executives need risk + business impact + timeline. Auditors and customers need attestation + counts without exposing internals.

Will I be added to a sales sequence?

No automated sequence. We just notify our team that you downloaded so we can answer questions if you reply. We don’t send marketing follow-ups.

Can I share the Public report with customers?

That’s exactly what it’s for. The Public report is sanitised to zero technical detail and includes a CREST attestation page. Many of our clients pass it through to enterprise prospects in RFP responses and SOC 2 evidence packages.

What format are the reports?

PDF. Roughly 35–80 pages depending on the service. Branded, formatted to print on A4, navigable via internal links and bookmarks.

Last call

Take the deliverable for a test drive.

Three reports, three fields, instant download. Have a look at the format you’d receive. Then decide whether to talk to us.