While OffSec provides a formal report template, you need to populate it strategically. Your report should generally follow this flow:
Your full, working exploit script. 3. Mastering the "Source Code to Exploit" Narrative oswe exam report work
Don't fluff the report with generic definitions of SQL injection. Focus on this specific SQL injection. 2. Structuring Your OSWE Report While OffSec provides a formal report template, you
If you used Burp Suite, include screenshots of the request/response that triggered the bug. 5. Final Checklist for Your Report Work run through this checklist:
Don't just show how to break it; provide a brief code snippet showing how the developer should fix the vulnerability. Conclusion
Before you hit "submit" on the OffSec portal, run through this checklist: