vollkorn on Nostr: How detailed has an OffSec exam report to be? I know of ...
Published at 2024-02-06 10:52:46
Event JSON
{
"id": "b55b3024f47ccf600a36bca5e99599cb2a1dd96b550d694a6b818c9725c24a53",
"pubkey": "38d14223f15267ec44a0c40b7d0bc4c037d857168595ab46d5cc117f62290143",
"created_at": 1707216766,
"kind": 1,
"tags": [
[
"proxy",
"https://chaos.social/users/vollkorn/statuses/111884158013450260",
"activitypub"
]
],
"content": "How detailed has an OffSec exam report to be? I know of https://help.offsec.com/hc/en-us/articles/7281947451284-OSWA-Exam-FAQ#h_01G6AF68QX8K38RWGBS7WJCFWM but I just got the question how much information do you have to put in there. Do you need references to all relevant CWEs? Explanations of your threat model? Or is a plain description of the steps without any explanation of the impact sufficient?",
"sig": "3c900a8ad1fae96fee93693b7417fc28e9ad36dfebd9dc7d7899d3770525e6fc7bed7a6ce732fa564591bc2481f5d0092f23ce507b12150be82a9b482b4f4b93"
}