The tweet mentions the importance of including a link to online test pages to demonstrate that a WAF bypass works. It highlights that a bypass does not necessarily mean a working payload, and one must prove both. This emphasizes the importance of validating the effectiveness of a bypass by providing evidence of its functionality. It's crucial to demonstrate that the WAF bypass is not just theoretical but can actually bypass the security measures in place.
Original tweet: https://twitter.com/RodoAssis/status/1863306121626190216