Our Report

A high-quality report is essential to any security audit. We translate complex analyses into clear, understandable decision-making criteria and specific recommendations for action.

Your Advantages with our Report at a Glance

Clear Basis for Decision-Making

Our reports translate complex technical findings into understandable, prioritised recommendations for action for your management team, thanks to concise management summaries and intuitive risk assessments.

Specific Recommendations for Action

With clear background information, detailed explanations and specific recommendations for action, vulnerabilities and security risks are a thing of the past.

Verifiable Compliance

Easily meet the requirements of standards such as GDPR, TISAX or ISO 27001 and use our report to demonstrate your due diligence to partners, customers and regulatory authorities.

Tangible Risk Minimisation

Proactively protect yourself against financial losses, business interruptions and reputational damage caused by cyber attacks.

Don’t take our word for it, see for yourself!

We will gladly send you our sample report by email. Simply subscribe to our newsletter. You will then receive our latest sample report in your welcome email!

Our report: More than just data

A top-notch report is at the heart of every security audit. We translate complex analyses into clear, understandable decision-making criteria. Our reports bundle highly technical vulnerabilities and complex matters into comprehensible findings and make risks understandable at a glance, thanks to concise management summaries and intuitive risk assessments.

On the technical side, background texts, detailed explanations and specific recommendations for action leave nothing to be desired. And even if they do, we are happy to tailor our report to your requirements and needs!

Management Summary

For decisions at management level, you don’t need technical details, but rather an assessment of the actual business risk. Our management summary is your one-page roadmap for strategic security decisions.

  • Understandable risk assessment: We summarise the general security situation in clear, non-technical terms.

  • Business Impact Analysis: We highlight the potential impact of the vulnerabilities found on your business processes, reputation and finances.

  • Key strategic recommendations: You will be given the most effective strategic measures that will significantly improve your security.

Excerpt from a Lutra Security penetration test report showing the management summary.

Excerpt from a Lutra Security penetration test report showing the technical details of a finding.

Technical analysis: Precise findings for your IT team

Your technical experts require accurate, reproducible information in order to efficiently eliminate weak points. Our technical section is tailored precisely to this purpose.

  • Detailed vulnerability description: Each identified vulnerability is described in detail along with its cause and impact.
  • Understandable Proof of Concept (PoC): We document the exact steps and provide the necessary proof (e.g. screenshots, code snippets) so that your team can understand the vulnerability without having to search for it.
  • The attacker narrative: We demonstrate how individual, seemingly harmless vulnerabilities in a chain can be exploited to cause maximum damage.

Risk assessment & prioritisation: Use resources in a targeted manner

Not all vulnerabilities are the same. To make the best use of your budget and time, we evaluate each finding according to industry standards such as the CVSS (Common Vulnerability Scoring System).

  • Clear risk ratings: Each findings is assigned one of four levels in terms of overall risk: critical, high, medium or low.
  • Transparent rating: The classification is based on factors such as the complexity of the attack, the level of authorisation required and the potential damage to the confidentiality, integrity and availability of your data.
  • Your benefit: You focus your resources where they are most needed and address the gaps that pose the greatest risk to your organisation first.

Excerpt from a Lutra Security penetration test report showing the risk assessment.

Excerpt from a Lutra Security penetration test report showing recommendations for remediation of a finding.

Concrete recommendations for action: From knowledge to action

We won’t leave you alone with the problems. For every vulnerability identified, we provide clear and actionable instructions for remediation.

  • Practical solutions: Instead of just referring to external guidelines, we provide specific recommendations tailored to your technology and architecture.
  • Examples & references: Wherever possible, we back up our recommendations with code examples, configuration suggestions and links to official vendor documentation.
  • Root cause analysis: We not only help you resolve the symptom, but also understand the underlying cause to avoid similar problems in the future.

By default, we write our penetration test reports in either German or English. We know that many of our customers have teams that operate internationally. That’s why we make sure that the technical terminology is precise and clearly understandable for your engineering and management teams in both languages.

We won’t let that happen. A detailed discussion of the results is an integral part of each of our projects. During this meeting, we go through the report together with your technical contacts and management, clarify any open questions about the vulnerabilities and discuss the proposed solutions to ensure that your team knows exactly what to do.

Yes, absolutely. Our report is modular and flexible. Whether you need special reporting for an ISO 27001 auditor, proof for TISAX or an assignment to the requirements of the DORA Regulation, simply discuss your specific requirements with us in a preliminary meeting. We will adapt the report structure to create maximum value for you.

The utmost confidentiality is a matter of utmost importance to us. The final report will be transmitted exclusively via a secure, encrypted channel to a small group of predefined recipients within your organisation. The results of our analysis are and will remain your property and will be treated with the utmost confidentiality.

Your path to our report

What does a penetration test at Lutra Security look like?

  • Initial consultation During an initial consultation, we will discuss your specific or less specific problem. We will first clarify how we can help you and whether you need us at all.
  • Effort estimation

    After the initial consultation, you will present the system in a scoping meeting. The underlying technology and technical basis will be explained in order to enable a well-founded cost estimate.

    We will then send you a quote with our cost estimate.

  • Kickoff

    During the kick-off meeting, the tester’s final questions about the system are answered.

    In addition, the tester’s requirements for conducting the assessment as efficiently as possible are discussed. In the case of a web application assessment, this could include various user accounts and firewall activation, for example.

  • Assessment Generally, you do not need to participate during the actual assessment. However, a contact person should be available to answer specific questions from the tester.
  • Reporting Each of our services includes a detailed report that describes the vulnerabilities and misconfigurations found in detail and provides specific recommendations for action.
  • Debriefing & remediation

    Of course, we won’t leave you in the dust after our service. We always offer a free follow-up meeting for our services, where we can chat about the results and answer any questions you might have.

    And, of course, we’ll still be there for you afterwards and happy to answer any questions you might have.

An overview of our services

Penetration testing & vulnerability analysis

The foundation of any security strategy. We conduct a comprehensive vulnerability analysis of your web applications, networks and APIs. This allows us to identify security gaps before attackers do.

Learn more

Cloud Security

The cloud offers agility, but also new risks. We analyse your AWS and Azure environments for critical misconfigurations and security vulnerabilities so that you can grow securely and in compliance..

Learn more

Physical security tests

Security does not end at the firewall. Through targeted social engineering and simulated break-in attempts, we test the security of your office buildings and data centres and uncover gaps in your physical defences.

Learn more

Red Teaming

Are you and your company ready for the ultimate test of red teaming? We slip into the role of real attackers and use all the techniques and tricks from MITRE ATT&CK. Can you detect and stop us? The reality check for your company.

Learn more

Ready to put your defence to the test?

Contact us for a free, no-obligation initial consultation, during which we will analyse your requirements:

Call us Book Now! Send us a mail

Founded by experts. Driven by your safety.

We are not an anonymous agency. Lutra Security was founded by four IT security experts with a shared mission: to proactively protect companies and make complex security solutions understandable and accessible. Your security is personally guaranteed by the founders.

David Schneider

Managing director and co-founder

Emanuel Böse

Managing director and co-founder

Konstantin Weddige

Managing director and co-founder

Stefan Feuerstein

Managing director and co-founder