Here is a ten-point checklist for walkthrough-videos in the pentest reports. May be you will find them helpful.

1 - Recording Resolution

Your screen could be 8K or 4K. The screen-recording you make will look good on your screen. But the viewer with 720p screen is going to have hard time seeing what is on the screen. While making the recording, either resize the window or scale-down the resolution of the screen.

2 - Don't hurt the viewer's eyes!

Try not to use very-bright or very-dark portions on the recording. Make some adjustments in the post-production if needed. People watching the videos may be using a light-mode or light-mode interface. There is no way you can predict them. So find a balance between them.

3 - Don't hurt the viewer's ears!

Try not to use loud music. Great if you can make the video without any sound. People could play your video during scrum meetings. A silent video would be perfect. The added benefits are - no need to spend time doing voice-overs or finding music.

4 - Use Highlights

Highlight portions of the video where you want to attract the reader's eyes.

5 - Practice What You Preach

Blur, pixelate or mask sensitive information.

6 - Don't Keep The Readers Guessing

Provide detailed captions on the screen

7 - Don't Make Them Wait

If you are typing something on the screen - like a long injection payload, instructions, disclaimers, or any other relevant information, don't make the viewer see typing characters one-by-one. Either increase the speed of the video, or cut-out the irrelevant portions.

8 - Explain to the Duck

Assume that a duck is going to watch your video. Include captions, highlights etc. and keep on explaining what is going on the screen.

9 - Don't Stop Abruptly

Once you have showed exploiting a vulnerability, pause for several seconds. Many video players show fade-out screen towards the end of the video.

10 - Use Zooms and Pans

Don't just record the screen and throw it over the fence. Use Zoom/pan/crop features to make the video pleasing to watch.


Tools