Reviewer-safe artifact · Sample report
The format you will receive at the end of an engagement.
A real Veyra deliverable, redacted to remove client-identifying material. The structure, the section IDs, the severity model, the independence disclosure, and the remediation-verification path are unchanged. Request access below; a redacted PDF is sent from engage@veyrasecurity.io.
Table of contents · PreviewVS-SAMPLE-2026-A
Confidential Security Assessment Technical Report
[Redacted Client] · Web Application & API Penetration Test · 2026-03-14
§ 01
Executive summaryReviewer-safe two-page summary. Findings counts, remediation status, independence statement.
p. 3
§ 02
Scope and limitationsIn-scope routes, roles tested, environments, what was excluded by ROE.
p. 5
§ 03
MethodologyGray-box knowledge model, OWASP ASVS L2 + API Top 10 mapping, severity model.
p. 8
§ 04
Findings2 Critical3 High2 Medium4 Info
p. 12
§ 05
Remediation verificationRetest letter against named commits. Verified status applied to closed findings.
p. 38
§ 06
Independence disclosureRelationship audit result, named reviewer, date stamp. First-class section.
p. 41
§ 07
Manifest of tools and queriesEvery tool, version, surface, and role used during the engagement window.
p. 43
Critical
2
High
3
Medium
2
Info
4
After reading the sample
If the format fits the reviewer you are answering to, describe the system.
Engagement requests receive a reply from a named assessor within one business day.