Types of Reports

Let’s look at the key parts of a Detailed Developer Report:

  • Index of all the vulnerabilities.

  • Information about what exact URL and parameters are affected.

  • The payload you used to confirm the vulnerability.

  • Observations (screenshots/videos) explaining the complete step-by-step exploitation of each vulnerability.

  • Outcome (if any), i.e. the data you were able to extract using the vulnerability, the commands you were able to run, etc.

  • Business Impact - A detailed description of the impact of the vulnerability with examples (screenshots/videos).

  • Recommendations on how to patch the vulnerability.

  • References about the vulnerability, including links explaining the vulnerability, the patches and the impact.

Let’s look at the key parts of a High Level Management Summary:

  • Information summarising everything a hacker can do if an attack happens, including the maximum possible impact of each vulnerability (multiple impacts if they exist).

  • Information about what exact URL and parameters are affected.

  • Brief observations containing only the affected application and the impact information, i.e. no step-by-step guide is required, only the outcome observations.

  • Detailed business impact with proof of all kinds of information you extracted during the exploitation.

  • References about the vulnerabilities (not the patches).