| Aspect | OSCP (Penetration Testing) | OSWE (Web Expert) |
| :--- | :--- | :--- |
| Target | Black box | White/grey box (source code given) |
| Proof | Screenshot of whoami / ifconfig | Code snippet + HTTP request demonstrating logic flaw |
| Difficulty | Finding the vulnerability | Exploiting a chain of minor bugs to get RCE |
| Report Enemy | Forgetting a screenshot | Missing the code context |
"That," Elias said, rubbing his temples, "is the documentation of my suffering. Look, finding the bug took two hours. Writing the exploit took four. But documenting it? That took three days." oswe exam report work
import requests
requests.get("http://target/shell.php")
</code></pre>
<p><strong>Good script (shows understanding):</strong></p>
<pre><code class="language-python">import requests
import hashlib
Summary
If you are looking for the official documentation regarding this, it is found in the OSWE Exam Guide provided to students upon enrollment. The "report work" is the mechanism by which candidates convert their technical findings into a pass/fail result. Part 1: The Philosophical Shift (OSWE vs
Exploitation Logic: Describe the logical steps required to chain vulnerabilities together to achieve the final goal (typically an administrative shell or data exfiltration). Step-by-Step Reproduction gobuster dir -u http://[target] -w common
- gobuster dir -u http://[target] -w common.txt -x php,html,txt
Exploit Chain