Effective Report Writing
Cyber Security
whoami?
Ashwini Varadkar
Sr. Security Analyst
5. 6 years of Experience in Cyber Security
Avid Reader
Kathak Professional
Special Love Towards Reporting :p
What is a Report?
“Report” is derived from the Latin word “reportare”, which means to carry back: “re” is back and “portare” means to carry.
A report represents information in a structured format, is short and concise, is purposeful, and has an audience.
Cyber Security and Reports - The Inseparables
• SOC
• Assessment
• DFIR
• GRC
The Reality Check!
How did we realize that there is a gap that needs to be addressed?
• Leader/Reviewer/Project Manager
• Other way:
• Client report rejection
• Social media posts
• Not talked about a lot
Need for Effective Writing
Reputation Consulting
Common Mistakes
COMMUNICATING
SOMEONE ELSE’S OUTPUT
VAGUE SENTENCES
IMAGE RELATED ISSUES
Common Concerns
• Unable to lead people through the content in a structured way. They
should get the information that they want quickly and easily.
• Confusion often arises about the writing style, what to include, the
language to use, the length of the document and other factors.
What is Effective? :/
Rules
Concept
Formal Writings
• What comes under the umbrella of formal writing?
• Academic research papers
• Business presentations
• Emails and memorandums
• Business reports for conveying information
• Other types of official correspondence
Contractions
• Avoid using contracted words.
E.g.:
o Should + not = Shouldn’t
o Will + not = Won’t
o Are + not = Aren’t
o Is + not = Isn’t
Stay Active
• Active voice – sentences that are direct and concise.
E.g.
o Passive voice – An instance of XSS was observed by the analyst.
o Active voice – The analyst observed an XSS instance.
o Passive voice – Instructions will be given to you by the assessor.
o Active voice – The assessor will give you instructions.
Capitalization in Titles
• Thumb Rule:
o Capitalize the important words in the title
o E.g. – Weak Password Policy in Use
o E.g. – Cross-Site Request Forgery (CSRF)
• So which words are usually written in lowercase when creating headlines and
titles?
o Articles (a, an, the)
o Coordinating Conjunctions (and, but, for)
o Short (less than 5 letters) Prepositions (at, by, from)
Consistency
is the KEY
• Lower Case Titles
o E.g. – Weak password policy in use
o E.g. – Cross-site request forgery (CSRF)
• The same rule applies to image captions (these are nothing but short titles).
Capitalization in Sentences
• Avoid random capitalization of letters in sentences.
o E.g.: URLs should not contain any Sensitive Information, for example, a session Token, as the information is often logged at various locations.
o Simply: URLs should not contain any sensitive information, for example, a session token, as the information is often logged at various locations.
• Capitalize proper nouns (names, countries, cities), as in the sentence below.
o E.g.: xyzOrg discovered multiple instances of weak physical security in SampleOrganization’s Chicago data centre.
Software Name
• It is JavaScript (abbreviated as JS) and not Javascript
• jQuery and not Jquery or JQuery
• Clickjacking and not ClickJacking
Simply check the tool/service/software name on their official websites!
This also applies to attack names.
• EternalBlue
• POODLE
Consistency
is the KEY
Highlights and Emphasis
• Make relevant highlights.
• Use single or double quotes to stress a word. Ensure consistency.
• Subtitles can be emphasized by using bold (under PoC section, under Remediation).
• Observe the template. If XYZ uses single quotes for highlights, continue that in your write-up too.
Consistency
is the KEY
Images
• General points:
• All images must be aligned in one specific way.
• Relevant masking must be done.
• Relevant highlights must be made.
• Images should be clear.
Consistency
is the KEY
Conclusion
• Note the points discussed here
• Write
• Write down the points
• Frame sentence around it
• Ask for help
• Share the responsibilities
• Courses / Apps
• Books/Ebooks
• Checklist
Consistency
is the KEY
Thank You :)
