: Your attacks must be documented so a technically competent reader can replicate them step-by-step.
The most common reason for failure—even for candidates who compromise all networks—is a poor report. Offensive Security evaluates the report based on . If a technical grader cannot follow the report to achieve the same result, the candidate will likely fail. To ensure precision, candidates must: Capture raw command output: Avoid paraphrasing results. oswe exam report
: Explain where the flaw is in the code. : Your attacks must be documented so a
: You have 24 hours after the exam ends to submit. Don't wait until the last minute. If a technical grader cannot follow the report
To create a professional OSWE (OffSec Web Expert) exam report, you must prioritize and strictly follow the OffSec Exam Guide . OffSec provides an official OSWE report template that you should use as your base. 1. Mandatory Technical Requirements
Good luck—and may your code traces be clear and your exploits be idempotent.
| Category | Weight | Fail Condition | | :--- | :--- | :--- | | | 40% | PoC script fails on a clean install. | | Source Code Accuracy | 25% | Line numbers are off by more than 5 lines, or the wrong file is cited. | | Reproduction Steps | 20% | A human cannot follow steps to replicate without guessing. | | Remediation | 10% | Remediation is generic ("use parameterized queries") without a code example. | | Professionalism | 5% | Spelling errors, mangled PDF formatting, missing page numbers. |