mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-11-10 07:04:22 +00:00
Vulnerability Reports
parent
156990a2c6
commit
ed081d7f29
1 changed files with 50 additions and 0 deletions
50
Methodology and Resources/Vulnerability Reports.md
Normal file
|
@ -0,0 +1,50 @@
|
|||
# Vulnerability Reports
|
||||
|
||||
## Summary
|
||||
|
||||
* [Tools](#tools)
|
||||
* [Vulnerability Report Structure](#vulnerability-report-structure)
|
||||
* [Vulnerability Details Structure](#vulnerability-details-structure)
|
||||
* [General Guidelines](#general-guidelines)
|
||||
* [References](#references)
|
||||
|
||||
|
||||
## Tools
|
||||
|
||||
Tools to help you collaborate and generate your reports.
|
||||
* [GhostManager/Ghostwriter](https://github.com/GhostManager/Ghostwriter) - The SpecterOps project management and reporting engine
|
||||
* [pwndoc/pwndoc](https://github.com/pwndoc/pwndoc) - Pentest Report Generator
|
||||
|
||||
List of penetration test reports and templates.
|
||||
* [reconmap/pentest-reports](https://github.com/reconmap/pentest-reports) - Collection of penetration test reports and pentest report templates
|
||||
* [juliocesarfort/public-pentesting-reports](https://github.com/juliocesarfort/public-pentesting-reports) - A list of public penetration test reports published by several consulting firms and academic security groups.
|
||||
|
||||
|
||||
## Vulnerability Report Structure
|
||||
|
||||
* Executive Summary
|
||||
* Security Findings and Recommendations
|
||||
* Vulnerabilities (sorted by severity)
|
||||
* Appendix (optional)
|
||||
|
||||
|
||||
## Vulnerability Details Structure
|
||||
|
||||
* **Summary**: a concise introduction to the vulnerability, providing a snapshot of the issue and its potential reach..
|
||||
* **Impact**: detailed insights into the potential business ramifications that could arise from exploiting this vulnerability.
|
||||
* **Reproductions Steps**: a comprehensive, step-by-step walkthrough on how to replicate the issue,, complete with screenshots, HTTP requests or Proof of Concept code snippets.
|
||||
* **Recommendations**: suggestions and best practices for addressing and resolving the highlighted issue.
|
||||
* **References**: links to external content, documentation, and security guidelines, including resources like OWASP.
|
||||
* **Severity**: Include a severity score like CVSS.
|
||||
|
||||
|
||||
## General Guidelines
|
||||
|
||||
* Use a **Passive Voice Form**.
|
||||
* **Obfuscate** the secrets: passwords, token, ...
|
||||
* Add **caption** to all figures and pictures.
|
||||
|
||||
## References
|
||||
|
||||
* [Best Practices for Writing Quality Vulnerability Reports - Krzysztof Pranczk](https://itnext.io/best-practices-for-writing-quality-vulnerability-reports-119882422a27)
|
||||
* [Overview of technical writing courses - Google Technical Writing](https://developers.google.com/tech-writing/overview)
|
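Review bot: The "Vulnerability Details Structure" list has three typos to fix before merge: the **Summary** item ends in a double period ("potential reach.."), the **Reproductions Steps** item has a doubled comma ("replicate the issue,,") and its label should read "Reproduction Steps". The **Severity** item ("Include a severity score like CVSS.") is written as an instruction while the other items in that list are lowercase descriptions, so rewording it to match, for example "a severity score such as CVSS", would keep the list consistent. Under "General Guidelines", "Obfuscate the secrets: passwords, token, ..." would be clearer as "Redact", since an obfuscated value in a delivered report may still be recoverable, and "token" should be plural to match "passwords". The same section is separated from "## References" by one blank line, while every other section in the file is separated by two.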