Recipe
Pen Test Results Page
Build a client-facing penetration test results portal with executive summaries, finding breakdowns, and secure PDF export.
Overview
This recipe covers a complete results delivery page — severity distribution charts, finding cards with CVSS scores, remediation tracking, and a one-click executive report download. All data is fetched server-side and rendered with zero client-side secrets.
Key Components
- Severity ring chart (Critical / High / Medium / Low / Info)
- Finding cards with CVSS vector, affected hosts, and status
- Executive summary with risk score and engagement metadata
- Secure PDF generation via API route with token-gated access
- Remediation checklist with assignee and deadline tracking
Data Flow
GET /api/results/:engagementId → Server fetches findings from DB
POST /api/results/:id/export → Generates PDF, returns signed URL
PATCH /api/findings/:id → Update remediation status
Security Notes
All API routes validate the engagement token via HMAC before serving results. PDF exports are watermarked with the recipient's email and timestamp. Findings are never exposed client-side until authentication succeeds — the page shell loads first, then hydrates with data.
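One way to implement the HMAC engagement-token check described above, as an added example rather than the recipe's own code. The token format `<engagementId>.<expiryUnixSeconds>.<hexHmac>`, the function names, and the demo secret are assumptions, and engagement IDs are assumed to contain no dots.

```javascript
// Added example: token layout and all names here are assumptions, not the recipe's API.
const { createHmac, timingSafeEqual } = require('node:crypto');

// Constructed demo secret; a real deployment keeps this in server-side config only.
const DEMO_SECRET = 'constructed-demo-secret';

// HMAC-SHA256 over "<engagementId>.<expires>", hex-encoded.
function sign(engagementId, expires, secret) {
  return createHmac('sha256', secret)
    .update(`${engagementId}.${expires}`)
    .digest('hex');
}

function issueToken(engagementId, ttlSeconds, secret, now = Date.now()) {
  const expires = Math.floor(now / 1000) + ttlSeconds;
  return `${engagementId}.${expires}.${sign(engagementId, expires, secret)}`;
}

// routeEngagementId is the :engagementId taken from the request path.
// Returns { ok: true } or { ok: false, reason }.
function verifyToken(token, routeEngagementId, secret, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [engagementId, expiresRaw, mac] = parts;
  if (!/^\d+$/.test(expiresRaw) || !/^[0-9a-f]{64}$/.test(mac)) {
    return { ok: false, reason: 'malformed' };
  }
  // Recompute the MAC and compare in constant time; both buffers are
  // 32 bytes because the regex above enforces 64 hex characters.
  const expected = Buffer.from(sign(engagementId, expiresRaw, secret), 'hex');
  if (!timingSafeEqual(expected, Buffer.from(mac, 'hex'))) {
    return { ok: false, reason: 'bad-signature' };
  }
  // Only trust the fields after the signature has been verified.
  if (Number(expiresRaw) * 1000 <= now) return { ok: false, reason: 'expired' };
  // Bind the token to the engagement named in the route.
  if (engagementId !== routeEngagementId) {
    return { ok: false, reason: 'wrong-engagement' };
  }
  return { ok: true };
}
```

Each route handler would call `verifyToken` before querying findings and return 401/403 on any `ok: false` result without revealing the reason to the client.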