Learn by Directing AI
All materials

report-template.md

Security Assessment Report

Executive Summary

Write for Dimitar. Use winery language and business impact. No technical jargon.

Overall risk assessment: [Critical / High / Moderate / Low]

Key findings summary:

  1. [Finding in business terms]
  2. [Finding in business terms]
  3. [Finding in business terms]

Immediate actions recommended:

  • [Action in plain language]

Assessment Scope

Client: Todorovi Wines Systems assessed: [List] Assessment period: [Dates]

Web Platform Findings

# Finding CVSS EPSS Environmental context Risk priority Status
W-01 [Title] [Score] [Prob] [Context] [Priority] [Status]

W-01: [Finding title]

Description: [What was found] Evidence: [How confirmed] Business impact: [In Dimitar's terms] CVSS score: [Score] | EPSS probability: [Prob] CIS/ASVS mapping: [Items if applicable] Remediation: [What was done] Detection: [Sigma rule deployed]

API Findings

# Finding CVSS EPSS Environmental context Risk priority Status
A-01 [Title] [Score] [Prob] [Context] [Priority] [Status]

A-01: [Finding title]

Description: [What was found] Evidence: [How confirmed] Business impact: [In terms of restaurant partners and revenue] CVSS score: [Score] | EPSS probability: [Prob] CIS/ASVS mapping: [Items if applicable] Remediation: [What was done] Detection: [Sigma rule deployed]

Exploit Chains

Chain 1: [Chain title]

Attack narrative: [Step-by-step attack path] Business impact narrative: [In Dimitar's terms]

Steps in chain:

  1. [Step] -- [Evidence]
  2. [Step] -- [Evidence]

Detection coverage: [Which rules cover which steps]

Remediation Status

Finding Fix applied Prevention verified Detection deployed Detection verified
[ID] [What was done] [Re-run result] [Rule ID] [Fire on re-test]

Compliance Assessment

CIS Docker Benchmark

Item Title Status Notes
[Item] [Title] [Pass/Fail/N-A] [Justification]

OWASP ASVS (Level 1)

Requirement Description Status Evidence
[Req] [Description] [Pass/Fail] [Evidence]

Recommendations

Priority Recommendation Estimated effort Finding reference
1 [Action] [Estimate] [IDs]

Separate assessment recommended

  • Mobile application: Nephew's wine club app connects to the same backend. Out of scope but the shared connection warrants separate assessment.