Worked on #ABpXJ this week.
This is a very interesting project because even though we are supposed to do web application penetration testing, this ended up to be a proxy server. Skip past the initial confusion, this was the first project that have zero findings.
Asked for help from my peers and senior colleagues with the same result as well. The report ended up being a very different style as it was a documentation of all the components that I check and scanned to show that we have done our due diligence.