The most important factor to consider before starting the process of submitting a report is to make sure to have read and understood the scope, respect it, and read it again for good measure. This is in place to provide safe harbour for researchers while participating in ethical hacking activities within the program rules.
We digress, when writing up a report be sure to provide clear and concise information in order to determine the steps to be taken in which the vulnerability can be reproduced.
The Intigriti platform has the following required fields of which are needed to submit a report.
In order to submit reports:
1. Locate and open the chosen program
![]() Figure 1.1 Screenshot of selected program to be opened |
2. Check the program details for recent updates or changes before proceeding
3. Click on Create Submission to progress to a new draft
![]() Figure 1.2 Screenshot of creating submission on program detail page |
4. Please write your detailed report in English as a preferred language, unless otherwise expressly mentioned within the program details
5. Provide a Submission Title for the draft being created
![]() Figure 1.3 Screenshot of submission title field |
6. Select relevant Domain of which the testing was performed
![]() Figure 1.4 Screenshot of domain where tests were performed |
7. Provide the Endpoint where the vulnerable component can be found (Optional/But Recommended)
8. Select Type of vulnerability found from provided options
![]() Figure 1.5 Screenshot of where vulnerable endpoint was found and type of vulnerability found |
9. Select Severity or the Use CVSS Calculator
![]() Figure 1.6 Screenshot of manual severity selector |
![]() Figure 1.7 Screenshot of CVSS calculator |
10. All information necessary to reproduce the vulnerability should be written in the report, images can be used as guidance, but should not be required to understand and reproduce the submission. Of course, there might be exceptions. While writing your report, keep the following in mind: “Can my report be printed out on a sheet of paper and still be understood?“. Was the answer to this question yes? Good job! if not, try to modify your report until the answer becomes yes
11. Only include attachments as a means of additional evidence i.e., screenshots to better show the steps taken towards finding the vulnerability
Example:
Does the Triager need to make a certain POST request to reproduce your finding? Copy-paste this request in your report (and redact the cookies/authorization token) or explain how the Triager could find this POST request themselves via the web application. One thing to avoid here is to add a screenshot of the POST request. This makes it harder for the Triager to reproduce as they would need to type out the entire request manually
![]() Figure 1.8 Screenshot of detail section to provide snapshots and proof of concept |
12. Express the explicit security Impact the vulnerability may leave this company susceptible to, and why is that important
![]() Figure 1.9 Screenshot of the impact field |
13. Offer a Recommended solution of action to remedy the vulnerability (Optional)
14. Include an IP address used during testing to allow the customer to match against their logs in order to validate the test (Optional/But Recommended)
15. Select Next to proceed
![]() Figure 1.10 Screenshot of recommended solution and IP address used while tested |
16. Final chance to review the report, before selecting submit submission
![]() Figure 1.11 Screenshot of submit submission button |
17. Congratulations! Submission successfully created
![]() Figure 1.12 Screenshot of flag showing submission successfully created |
From this point the Submission will be Triaged, if verified it then moves on to the customer to make the final decision.