Uni paper - how to reference a large report produced for the paper?

ivrytwr3 · 10 Jul 2014 at 23:35

Sorry for the title!

I am preparing a paper that covers Pen Testing, during this process i ran 2 x vulnerability scanners; 1 generated a 20 page report and the other a 124 page report!

All of the info is relevant so how do i reference it? A link in the paper to the document stored on a fileserver? Put it as an Appendix? Or...............?

Ta!

Buffman · 10 Jul 2014 at 23:37

I'm not sure on the content... But if it's all your own work I'd appendix it (or try cut out key points)

ivrytwr3 · 10 Jul 2014 at 23:56

It's a target network scan which gives an exec summary of the vulnerabilities found then describes each in detail, solutions, exploits etc, so all relevant - so you would really appendix a 124 page doc?

One · 11 Jul 2014 at 00:03

Ask your tutor :confused:

Buffman · 11 Jul 2014 at 00:12

No then, can you summarise it? As above best to ask your tutor or file share it is also a decent idea.

ivrytwr3 · 11 Jul 2014 at 05:22

Ask your tutor

[sarcasm] well i never thought of that! [/sarcasm]

I posted this at 2335 when i was writing the paper, i don't think my tutor would appreciate me calling at that time. I asked here in case others had to do something similar and wished to benefit from their experience.

pitchfork · 11 Jul 2014 at 08:00

Host it on an FTP server and link to it in the appendix with (Hard copy available on request)

Or a brief summation of the points raised from it within the context of the paper followed a link to the full version.

ivrytwr3 · 18 Jul 2014 at 10:58

Bah! Well i emailed the tutor and he answered one of my questions, but not the one relating to the large report; i have sent another email! However, as the due date is looming i need to be proactive and just do it myself.

So, as some of you seem to think it's ok to add a weblink to the paper, does anyone know a good site that will host the report for at least a couple of months, so when the tutor does actually come to mark and click the report the file still actually exisits!!

Thanks.

Judgeneo · 18 Jul 2014 at 11:00

pitchfork said:
Host it on an FTP server and link to it in the appendix with (Hard copy available on request)

Or a brief summation of the points raised from it within the context of the paper followed a link to the full version.

This, or just say the whole report is available on request.
Make sure you detail how it was generated.

ivrytwr3 · 18 Jul 2014 at 11:18

Judgeneo said:
Make sure you detail how it was generated.

Can you expand on this more?

I used the trial version of Nessus (full access for 7 days) and it was the basic scan i ran on the target IP address.

The only things i actually had to input was the name given to the scan, the target IP, hit start and then > export to pdf!!!

Judgeneo · 18 Jul 2014 at 11:21

ivrytwr3 said:
Can you expand on this more?

I used the trial version of Nessus (full access for 7 days) and it was the basic scan i ran on the target IP address.

The only things i actually had to input was the name given to the scan, the target IP, hit start and then > export to pdf!!!

So make sure you say that the trial version of Nessus was used, give the version date of the software. That you used the software in its standard configuration, conducted a basic scan, and detail the IP range(s).

The key point is that another person should be able to replicate your data.

rubberduck · 18 Jul 2014 at 11:23

You can still 'reference' work that hasn't been published or is available online so just just refer to it by the name of the report, the date, and authors etc.

If you are refering to a specific finding or piece of data/analysis from the other reports use a standard [1] style reference where appropriate with the sources then listed in your references section. If you just want to include it for relevant background reading then list the report in the bibliography. If you wish to reference substantial amounts of data then perhaps shove it in an appendix.

ivrytwr3 · 18 Jul 2014 at 11:23

Judgeneo said:
So make sure you say that the trial version of Nessus was used, give the version date of the software. That you used the software in its standard configuration, conducted a basic scan, and detail the IP range(s).

The key point is that another person should be able to replicate your data.

Nice! That makes perfect sense. I always tell my little lad to write his work as if the person reading has no prior knowledge of the subject - i have failed to follow my own advice!!!

a1ex2001 · 18 Jul 2014 at 11:24

I'd just print the report and shove it in as an appendix and then in you actual paper just pull out the bits you need referenced back to appendix x page xxx saves any doubt and will only take two minutes and cost very little if you duplex it up.

ivrytwr3 · 18 Jul 2014 at 11:42

this is all distance learning and so no physical report. My concern is my actual report runs to about 25 pages, then there are 2 x scan reports which are a further 20 pages (OpenVAS) and 125 pages (Nessus). I really don't fancy adding these 2 reports as appendixes so my report runs to approx 200 pages - seems overkill!

rubberduck · 18 Jul 2014 at 11:54

How much of the extra 175 pages is actually relevant to your current report?

ivrytwr3 · 18 Jul 2014 at 11:58

All of it is - i say that because:

Summary

Critical High Medium Low Info Total
1 9 16 3 28 57

The report breaks each vulnerability down explaining what it is, how to exploit, how to mitigate etc, perfect as i have to talk about exactly that.