The 'Summarized impact' field in a submission serves as a brief summary of the potential consequences of the identified vulnerability to the company running the Hybrid program. It’s a key component that’s only available on submissions for Hybrid Pentests. A well-defined 'Summarized impact' field helps customers gain a quick overview of your vulnerability’s impact on the program’s letter of attestation (which is shared with the customer after the completion of the engagement). It also helps the Intigriti Hybrid team creating this final report!
What to include
Please provide a very concise summary of the impact in one sentence.
Generally, we’re looking for the following structure:
Fixed sentence start: “This vulnerability would have allowed an attacker […]”
Which action was the attacker able to perform? Choose a specific verb to continue your summary: exploit, elevate, access, overwrite, inject, query, …
Complete your summary as you see fit.
“This vulnerability would have allowed an attacker to elevate their privileges from a standard user role to an admin role”
“This vulnerability would have allowed an attacker to query internal servers which are not supposed to be exposed to the public”
Do's and Don'ts
To avoid common mistakes when filling out the 'Summarized impact' field, consider the following do's and don'ts:
Summarize your detailed impact description in one sentence.
Be specific yet detailed in your descriptions (e.g. which role, which part of the application, etc.).
Use quantifiable terms when possible (e.g., number of affected users).
Copy and paste the detailed impact description into this field.