A Triage Summary is a key deliverable our Triage analysts provide once they have finished validating a report. In the Triage Summary, we aim to provide additional clarity and context on the hacker’s findings to speed up your team’s ability to remediate.
In each Triage Summary, our analysts:
Improve the hacker’s write-up by removing unnecessary steps, adding relevant screenshots or additional necessary steps, adding context on severity or impact, correcting grammar, etc.
Add clarity by cleaning up the steps to remediation. If the steps are too long, we clean them up and translate the findings into simple technical language.
Remove extraneous information from the hacker’s report and keep it to the point.
We also look to include screenshots to further demonstrate our validation findings and clarify the hacker’s remediation recommendations. These may include:
Pre-conditions: Any pre-conditions the attack has, for example, that the attacker needs to have a certain role on the application or that the victim needs to perform a certain action.
Pre-attack confirmation: A screenshot showing the current state of the system before the attack is executed. For example, this could be a screenshot of the victim’s account showing the piece of information that is going to be affected by the attacker.
The Attack: This is the actual step where the attack takes place. This could be a screenshot from Burp showing the key action that the attacker has to take to exploit the vulnerability.
Post-attack confirmation: A screenshot showing the resultant state of the system after the attack. This screenshot can be similar to the Pre-attack confirmation screenshot with the affected information highlighted with a box around it.