| Colour Theme | Font Size Options | |
The OSWE report work must prove you understand why the vulnerability exists in the code, not just that you can type a command into a URL bar.
Keep this section brief. Write a high-level summary explaining that you performed a white-box web application assessment against the designated exam targets. Include a clean table showing the target IP addresses, the access level achieved (e.g., Administrator / RCE), and whether you successfully captured the flags. 2. White-Box Code Analysis Documentation oswe exam report work
Your report must include the source code of your custom exploits in your documentation. It's not enough to just describe what your script does; you must provide the actual code. Failing to include this is a quick way to lose points, as the exam guide explicitly states that "failure to provide the appropriate documentation or proof files...may result in partial or zero points being awarded". The OSWE report work must prove you understand