We will provide you with our recommendations for how to fix the detected issues. The process of fixing is usually performed by your corresponding technical team (web development, software development, network team, etc.). At the same time, your technical specialists are not necessarily professionals in IT security. That is why they are welcome to ask for clarification about the detected issues if needed.
It is highly recommended to perform re-testing after all issues have been fixed. A re-test is advised in a period of 90 days after the initial penetration testing.