Description
The WSTG checklist is of utmost importance to penetration testers because it provides the blueprint for what to test. Its current format provides the following:
ID, Test Name, Objectives, Status, Notes.
ID, Test Name, and Objectives have been compiled from WSTG.
WSTG is a companion and reference manual that I go to often for the pentests I do for my clients. For each test, it also has a section called "How to Test" which provides a few actionables for the specific vulnerability.
I propose to include this section (as a new column) in the checklist. The new format will be:
ID, Test Name, Objectives, How to Test, Status, Notes.
I know it might be tricky because for some tests the "How to Test" is very extensive, while for others it is very succinct. However, I take on the challenge of making a uniform "How to Test" in the checklist across all tests.
Each "How to Test" entry will be 3-5 short bullet points, as in the image below:
What do you all think about this?