Report Content
- Vulnerable areas: List the vulnerable URLs; if the issue is a weak password, provide the password.
- Determine the type of vulnerability: First, clarify the type of vulnerability, then classify and describe it.
- Determine the vulnerability impact: Assign an appropriate severity level to the vulnerability, such as high, medium, low, etc.
- Reproduce the discovered vulnerability: Provide the steps and environment needed to reproduce the vulnerability in the report.
- Provide detailed information: Provide as much information as possible in the vulnerability report, such as the operating system, browser version, and vulnerable versions of the application.
- Describe the impact of the vulnerability: In the report, describe the impact of the vulnerability and the potential damage it may cause to the system.
- Provide remediation recommendations: Provide solutions or suggestions in the vulnerability report.
- Confirm the vulnerability has been fixed: After the vulnerability is fixed, perform vulnerability verification to ensure that the vulnerability has been fixed.

In actual projects, pay attention to the formatting of Word documents, and ensure font and formatting consistency.
Post-report
- Maintain professionalism: Avoid using excessively emotional or inappropriate language in the report.
- Collaborate with developers to fix vulnerabilities: It is best to collaborate with the application's developers to better understand and fix vulnerabilities.
- Maintain confidentiality when reporting vulnerabilities: Keep the vulnerability information confidential and only notify relevant parties.
- Fix report: After the vulnerability is fixed, a fix report can be provided (optional).