loading
Loading content
loading
Also known as PoC
A proof of concept (PoC) shows that a flaw is exploitable in practice, not just in theory. The researcher triggers the vulnerability once, captures evidence (a returned secret, an out-of-band callback, a reflected payload), and stops there. A PoC proves reachability and impact without turning into a tool that anyone could point at production at scale.
PoCs carry weight in offensive work because vendors and program owners push back on theoretical reports. A clear PoC removes the argument: it documents the request, the observed response, and the exact condition that makes the bug fire. In a penetration testing engagement or a bug bounty submission, a tight PoC speeds triage and raises the payout, since the reviewer can reproduce the issue in minutes.
A PoC differs from a full exploit, which is built to deliver reliable code execution or persistence. Public PoCs often appear alongside a CVE once a fix ships.
In a Trickest workflow you can template the reproduction step, fire it against a candidate finding, and record the response automatically, which gives every report a ready PoC instead of a manual write-up after the fact.
Related terms