Oswe Exam Report
OffSec provides an official .docx template. If you prefer a visual editor, use this template to ensure you do not miss mandatory sections. 2. Prepare Your Screenshot and Recording Tools
The OSWE exam challenges you to audit white-box web applications over a grueling 47 hours and 45 minutes, followed by another 24 hours dedicated solely to documentation.
Detail the specific files, classes, or functions where you identified vulnerabilities (e.g., SQL injection, deserialization, type juggling, or authentication bypass).
Is the file named strictly according to the format: OS-XXXXX-OSWE-Exam-Report.pdf ? oswe exam report
. Even if you score the required 85 points during the lab time, a poorly documented report can lead to a failure. You are typically given an additional 24 hours after the exam ends to finalize and upload this documentation. Conclusion
Performs any necessary authentication bypass or logic flaw exploitation. Triggers the vulnerability. Delivers the payload.
Chain an with a Remote Code Execution (RCE) Core Structure of an OffSec Approved Report OffSec provides an official
Briefly state that full administrative access and remote code execution (RCE) were achieved via specific vulnerability chains. 2. Technical Summary & Proof of Concept (PoC)
Always use the official OffSec exam report template provided in your exam control panel. Do not create your own layout from scratch.
Your final submission must be packaged exactly as specified in the OffSec Exam Guide. Typically, this involves: Converting your document into a standard format. Prepare Your Screenshot and Recording Tools The OSWE
This is the core of your report. You must create a dedicated sub-section for every single vulnerability utilized in your exploit chain. Vulnerability Description and Source Code Analysis
Keep multiple copies of your working Python scripts. It is devastating to accidentally modify a working script in the 43rd hour of the exam and forget how to revert it to its functional state. Common Reporting Pitfalls to Avoid
