Uni paper - how to reference a large report produced for the paper?

ivrytwr3 · 10 Jul 2014 at 23:35

Sorry for the title!

I am preparing a paper that covers Pen Testing, during this process i ran 2 x vulnerability scanners; 1 generated a 20 page report and the other a 124 page report!

All of the info is relevant so how do i reference it? A link in the paper to the document stored on a fileserver? Put it as an Appendix? Or...............?

Ta!

ivrytwr3 · 10 Jul 2014 at 23:56

It's a target network scan which gives an exec summary of the vulnerabilities found then describes each in detail, solutions, exploits etc, so all relevant - so you would really appendix a 124 page doc?

ivrytwr3 · 11 Jul 2014 at 05:22

Ask your tutor

[sarcasm] well i never thought of that! [/sarcasm]

I posted this at 2335 when i was writing the paper, i don't think my tutor would appreciate me calling at that time. I asked here in case others had to do something similar and wished to benefit from their experience.

ivrytwr3 · 18 Jul 2014 at 10:58

Bah! Well i emailed the tutor and he answered one of my questions, but not the one relating to the large report; i have sent another email! However, as the due date is looming i need to be proactive and just do it myself.

So, as some of you seem to think it's ok to add a weblink to the paper, does anyone know a good site that will host the report for at least a couple of months, so when the tutor does actually come to mark and click the report the file still actually exisits!!

Thanks.

ivrytwr3 · 18 Jul 2014 at 11:18

Judgeneo said:
Make sure you detail how it was generated.

Can you expand on this more?

I used the trial version of Nessus (full access for 7 days) and it was the basic scan i ran on the target IP address.

The only things i actually had to input was the name given to the scan, the target IP, hit start and then > export to pdf!!!

ivrytwr3 · 18 Jul 2014 at 11:23

Judgeneo said:
So make sure you say that the trial version of Nessus was used, give the version date of the software. That you used the software in its standard configuration, conducted a basic scan, and detail the IP range(s).

The key point is that another person should be able to replicate your data.

Nice! That makes perfect sense. I always tell my little lad to write his work as if the person reading has no prior knowledge of the subject - i have failed to follow my own advice!!!

ivrytwr3 · 18 Jul 2014 at 11:42

this is all distance learning and so no physical report. My concern is my actual report runs to about 25 pages, then there are 2 x scan reports which are a further 20 pages (OpenVAS) and 125 pages (Nessus). I really don't fancy adding these 2 reports as appendixes so my report runs to approx 200 pages - seems overkill!

ivrytwr3 · 18 Jul 2014 at 11:58

All of it is - i say that because:

Summary

Critical High Medium Low Info Total
1 9 16 3 28 57

The report breaks each vulnerability down explaining what it is, how to exploit, how to mitigate etc, perfect as i have to talk about exactly that.