Remediation Validation
After your team fixes security issues we previously reported, we retest those specific items and confirm whether each fix worked. You receive a clear status per finding: resolved, partially resolved, or still open, with evidence.
- Per-finding: Retest status
- Evidence: Method documented
- Focused: Not a full re-test
- EUR 450+: Starting price excl. VAT
Deliverables
What you actually receive
Every engagement ends with concrete artifacts your team can use. Not slides. Browse sample outputs below.
Validation status register
Per-finding retest outcome: resolved, partial, or still open. Tied to original IDs.
Remediation validation report
2026-03-14 · Retest window
5 Resolved · 2 Partial · 1 Open · 88% Complete
8 findings in scope · production environment · fixes deployed 2026-03-12
| ID | Finding | Severity | Status |
|---|---|---|---|
| WEB-014 | Missing security headers | Medium | Resolved |
| WEB-021 | Session fixation on login | High | Resolved |
| PT-007 | SQL injection in search parameter | Critical | Resolved |
| PT-012 | IDOR in orders API | High | Resolved |
| WEB-048 | Weak CSP policy | Medium | Resolved |
| WEB-033 | Verbose error messages on API | Low | Partial |
| WEB-052 | CORS misconfiguration | High | Partial |
| WEB-041 | Password policy not enforced | Medium | Open |
Practical
What to expect
Who it's for, how we work together, and where we draw the line.
Best for
- Closing out critical or high findings after a remediation sprint
- Providing evidence to auditors, customers, or internal risk forums
- Confirming fixes before a major release or renewal
- Following up on a penetration test or external rating report
How the engagement runs
2. Confirm access and credentials for retest
3. Focused retest of agreed findings within scope
4. Status documentation with evidence per finding
5. Validation report delivery
Honest boundaries
- Validation covers only the findings and environments agreed in scope
- Partial fixes may be documented as partially resolved, not upgraded to resolved without evidence
- A clean validation does not imply no other issues exist outside retested items
- Timing depends on your confirmation that fixes are deployed in the target environment
Engagement package
What you get. And what you don't.
Fixed outputs and scope, agreed before we start. No surprises afterward.
Remediation validation report or addendum
- Per-finding status table with evidence references
- Summary of residual risk for validated items
- List of items not retested with reason (if any)
Detailed examples are shown in the deliverables section above.
Starting from €450 excl. VAT