
What Your Security Report Includes

Real proof, not theoretical risks. Every finding documented with evidence, impact, and specific steps to fix it.

Sample Report

Plain English your CEO can read

Every report follows this structure. Real evidence, specific remediation, and clear prioritisation. Excerpts from an anonymised Security Assessment report below.

Based on a real assessment · 12 findings · 74K records · 2-day assessment
N90 Labs · Confidential

Executive Summary

Security assessment of — a customer-facing web application serving approximately 30 employees and 74,000+ customer records. Assessment covered all publicly accessible endpoints, live exploitation testing, and PII enumeration.

Overall Risk Rating

CRITICAL

Multiple unauthenticated endpoints expose the entire customer database, payment history, and employee records. Active exploitation is trivial and requires no technical skill.

  • 12 findings
  • 74,678 records exposed
  • 197 DB tables readable
  • 254 scanned documents
  • 5 hardcoded passwords
  • 2,548 PHP files reviewed

Severity Distribution

4 Critical · 5 High · 3 Medium

Immediate Actions Required

  1. Block unauthenticated data export endpoint (highest priority — exposes entire database)
  2. Remove public debug page displaying database credentials
  3. Restrict directory access to scanned documents
  4. Rotate all database passwords and JWT secrets
  5. Disable open email relay

Prepared for · March 2026 · Page 3 of 32

Excerpted from a real assessment report. Client details anonymised. Evidence redacted.

What each tier's report contains

Every report is written in plain English. Higher tiers include more depth, but even the Quick Scan gives you actionable findings.

Quick Scan

2–5 pages
  • Prioritised findings with severity ratings
  • What we found and why it matters
  • Specific remediation steps
  • Plain-English throughout

Security Assessment

10–25 pages
  • Executive summary with overall risk rating
  • Findings summary table (severity, category, status)
  • Detailed findings with real evidence (tables of extracted data, URLs, screenshots)
  • Attack chain analysis
  • Data exposure summary with record counts
  • Prioritised remediation plan (do today / this week / this month)
  • Methodology appendix

Full Audit

25–50 pages
  • Everything in Security Assessment report
  • Source code findings with code-level remediation guidance
  • Credential audit results
  • Compliance readiness section (CCPA/GDPR/PCI DSS gap analysis)
  • Statutory context (potential fines, liability per record, notification obligations)
  • Separate technical appendix for development team

Codebase Health (add-on)

15–30 pages
  • Executive summary with overall health rating (1–10)
  • Technology stack with EOL status
  • Code quality metrics and architecture assessment
  • Test coverage and dependency audit with CVEs
  • 2–3 modernisation options with cost ranges and timelines
  • Prioritised roadmap (immediate / short / medium / long-term)

Ready to get your report?

Fixed pricing, no scoping calls. Buy online, we start within 24 hours.