This repository contains templates for security assessments.
Throughout templates the text [TKTK example content] will appear. Everything inbetween the square brackets must be updated with appropriate content.
In case you're wondering, TKTK is an abbreviation for "To Come", which specifies content which is to be provided later https://en.wikipedia.org/wiki/To_come_(publishing)
Writing accurate and clearly is very important. Imagine you have to re-produce the finding a year from now. Do you have everything in the report necessary to perform in a timely manner? If endpoitns are listed, is it clear which web pages contacted the endpoints? If using a complex payload, does the Proof of Concept contain code to re-produce the payload?
All material is copyrighted. Open Source licenses are currently under review.
Material is provided as is, use at your own risk. Authors and publishers are not liable for any direct or indirect damages caused by direct or indirect use of provided material.
© 2019 Justin Taft and One Up Security, LLC .