Boilerplate Templates

OWTF wants to help penetration testers use their time most effectively, even if they don't use OWTF directly. An unfortunate reality of penetration testing is the amount of time consumed by reporting. Explaining vulnerabilities to non-technical customers is difficult, and conveying the urgency of fixing XSS, CSRF and many other issues tends to be non-trivial, especially when the customer's overall security background is poor (which is common).

This project aims to:

  • Provide boilerplate vulnerability explanations which can easily be copy-pasted into real-world reports
  • Provide boilerplate vulnerability fixing recommendations which can easily be copy-pasted into real-world reports

Search by vulnerability