Once the testing is complete, then comes the most important phase: reporting. The reporting has to be done as precisely and elaborately as possible to explain to the organization about the vulnerabilities and their impact. This is because the organization will only understand the effort of the tester in the form of the report presented. You can also add the attacks tested and how the application protected against the attacks, giving the organization/developer the sense of how strong the application is.