Hello everyone.

I just want to get a basic idea of what to do in a penetration test.

Suppose, if i get a project, how will i report the vulns to the owner.

Some helpful links would be enough.

These are the things i'm thinking of doing in it :

1. Web app security check for some common vuln. like SQLi, XSS, LFI, RFI etc.

2. NMAP scan to check for open ports and the services running on it.

3. Scanning with some vuln. scanners like Acunetix, w3af, Nessus and Nikto.

4. Finding exploits for the services running on it.

Is there something else i need to do?
And could anyone help with the report thing?