The most important factor to consider before starting the process of submitting a report is to make sure to have read and understood the scope, respect it, and read it again for good measure. This is in place to provide safe harbour for researchers while participating in ethical hacking activities within the program rules.
We digress, when writing up a report be sure to provide clear and concise information in order to determine the steps to be taken in which the vulnerability can be reproduced.
The Intigriti platform has the following required fields of which are needed to submit a report.
In order to submit reports:
1. Locate and open the chosen program
Figure 1.1 Screenshot of selected program to be opened
2. Check the program details for recent updates or changes before proceeding
3. Click on Create Submission to progress to a new draft
Figure 1.2 Screenshot of creating submission on program detail page
4. Provide a Submission Title for the draft being created
Figure 1.3 Screenshot of submission title field
5. Select relevant Domain of which the testing was performed
Figure 1.4 Screenshot of domain where tests were performed
6. Provide the Endpoint where the vulnerable component can be found (Optional/But Recommended)
7. Select Type of vulnerability found from provided options
Figure 1.5 Screenshot of where vulnerable endpoint was found and type of vulnerability found
8. Select Severity or Use CVSS Calculator (Link) review program description for breakdown…???
Figure 1.6 Screenshot of manual severity selector
Figure 1.7 Screenshot of CVSS calculator
9. Include Attachments as a means of evidence i.e., screenshots to better show the steps taken towards finding the vulnerability
10. Details! Details! and more details. Be concise, by clearly describing the POC (Proof of Concept) illustrating the step-by-step process of finding the vulnerability, making sure to include all relevant information to aid us in reproducing the vulnerability in order for us to be able to assess its security impact.
Figure 1.8 Screenshot of detail section to provide snapshots and proof of concept
11. Express the explicit security Impact the vulnerability may leave this company susceptible to, and why is that important
Figure 1.9 Screenshot of the impact field
12. Offer a Recommended solution of action to remedy the vulnerability (Optional)
13. Include an IP address used during testing to allow the customer to match against their logs in order to validate the test (Optional/But Recommended)
14. Select Next to proceed
Figure 1.10 Screenshot of recommended solution and IP address used while tested
15. Final chance to review the report, before selecting submit submission
Figure 1.11 Screenshot of submit submission button
16. Congratulations! Submission successfully created
Figure 1.12 Screenshot of flag showing submission successfully created
From this point the Submission will be Triaged, if verified it then moves on to the customer to make the final decision.