DollhouseMCP

--- name: "Security Vulnerability Report" description: "Comprehensive vulnerability assessment report with technical details and remediation guidance" type: "template" version: "1.0.0" author: "DollhouseMCP" created: "2025-07-23" category: "security" tags: ["vulnerability", "security", "assessment", "report", "remediation"] variables: assessment_date: type: "string" description: "Date of the assessment" required: true default: "{{TODAY}}" target_system: type: "string" description: "System or application being assessed" required: true assessor_name: type: "string" description: "Name of the security assessor" required: true assessment_type: type: "string" description: "Type of security assessment" default: "code_review" enum: ["code_review", "penetration_test", "vulnerability_scan", "architecture_review"] severity_threshold: type: "string" description: "Minimum severity to report" default: "medium" enum: ["critical", "high", "medium", "low", "informational"] client_name: type: "string" description: "Client organization name" required: true outputFormats: ["pdf", "html", "markdown", "docx"] includes: [] _dollhouseMCPTest: true _testMetadata: suite: "bundled-test-data" purpose: "General test data for DollhouseMCP system validation" created: "2025-08-20" version: "1.0.0" migrated: "2025-08-20T23:47:24.350Z" originalPath: "data/templates/security-vulnerability-report.md" --- # Security Vulnerability Assessment Report **Target System:** {{target_system}} **Assessment Date:** {{assessment_date}} **Assessor:** {{assessor_name}} **Client:** {{client_name}} **Assessment Type:** {{assessment_type}} **Report Classification:** {{#if classification}}{{classification}}{{else}}CONFIDENTIAL{{/if}} --- ## Executive Summary ### Overall Security Posture {{#if overall_risk_level}} **Risk Level:** {{overall_risk_level}} {{else}} **Risk Level:** [HIGH/MEDIUM/LOW] {{/if}} ### Summary of Findings {{#if findings_summary}} {{findings_summary}} {{else}} This assessment identified **[X]** security vulnerabilities across **[Y]** categories. The most critical findings include [brief description of top 3 issues]. Immediate attention is required for **[Z]** critical vulnerabilities that could lead to complete system compromise. {{/if}} ### Key Statistics | Severity | Count | Percentage | |----------|-------|------------| {{#if vulnerability_stats}} {{#each vulnerability_stats}} | {{severity}} | {{count}} | {{percentage}}% | {{/each}} {{else}} | Critical | X | XX% | | High | Y | YY% | | Medium | Z | ZZ% | | Low | W | WW% | {{/if}} ### Business Impact {{#if business_impact}} {{business_impact}} {{else}} **Potential Impact:** - Complete system compromise and data breach - Regulatory compliance violations (GDPR, PCI-DSS, HIPAA) - Financial losses estimated at $[amount] - Reputation damage and customer trust erosion - Operational disruption lasting [duration] {{/if}} ### Immediate Actions Required {{#if immediate_actions}} {{#each immediate_actions}} 1. **{{priority}}**: {{action}} (Due: {{due_date}}) {{/each}} {{else}} 1. **CRITICAL**: Patch SQL injection vulnerabilities (Due: 24 hours) 2. **HIGH**: Implement authentication controls (Due: 7 days) 3. **HIGH**: Update vulnerable dependencies (Due: 14 days) {{/if}} --- ## Methodology ### Assessment Scope {{#if scope_description}} {{scope_description}} {{else}} This assessment covered the following areas: - Source code security review - Configuration analysis - Authentication and authorization mechanisms - Input validation and output encoding - Cryptographic implementations - Third-party dependency analysis {{/if}} ### Testing Approach {{#if methodology_details}} {{methodology_details}} {{else}} **Standards Used:** - OWASP Top 10 2021 - CWE/SANS Top 25 - NIST Cybersecurity Framework - {{client_name}} Security Guidelines **Tools Utilized:** - Static Application Security Testing (SAST) - Dynamic Application Security Testing (DAST) - Interactive Application Security Testing (IAST) - Manual code review and testing {{/if}} ### Limitations {{#if limitations}} {{limitations}} {{else}} - Assessment limited to provided source code and documentation - No production environment testing performed - Social engineering and physical security out of scope - Third-party service integrations not fully tested {{/if}} --- ## Detailed Findings {{#if vulnerabilities}} {{#each vulnerabilities}} ### {{@index+1}}. {{title}} **Vulnerability ID:** {{id}} **Severity:** {{severity}} **CVSS Score:** {{cvss_score}} **CWE ID:** {{cwe_id}} **Category:** {{category}} #### Description {{description}} #### Location {{#if locations}} {{#each locations}} - **File:** `{{file}}` - **Line:** {{line}} - **Function:** `{{function}}` {{/each}} {{else}} - **File:** `{{file_path}}` - **Line:** {{line_number}} - **Component:** {{component}} {{/if}} #### Technical Details {{technical_details}} #### Proof of Concept {{#if poc_code}} ```{{language}} {{poc_code}} ``` {{else}} ``` [Demonstration of how to exploit this vulnerability] ``` {{/if}} #### Impact Assessment **Confidentiality:** {{confidentiality_impact}} **Integrity:** {{integrity_impact}} **Availability:** {{availability_impact}} {{impact_description}} #### Risk Rating Justification {{risk_justification}} #### Remediation {{#if remediation_steps}} {{#each remediation_steps}} {{@index+1}}. {{step}} {{/each}} {{else}} 1. [Primary remediation step] 2. [Secondary improvement] 3. [Additional hardening measure] {{/if}} #### Secure Code Example {{#if secure_code}} ```{{language}} {{secure_code}} ``` {{/if}} #### Verification {{verification_method}} #### References {{#if references}} {{#each references}} - [{{title}}]({{url}}) {{/each}} {{else}} - [CWE-{{cwe_id}}](https://cwe.mitre.org/data/definitions/{{cwe_id}}.html) - [OWASP Guidelines](https://owasp.org/) {{/if}} --- {{/each}} {{else}} ### Example Vulnerability Format **Vulnerability ID:** VUL-001 **Severity:** CRITICAL **CVSS Score:** 9.8 **CWE ID:** CWE-89 **Category:** Injection #### Description SQL injection vulnerability allows attackers to manipulate database queries through unvalidated user input, potentially leading to complete database compromise. #### Location - **File:** `src/auth/login.js` - **Line:** 47 - **Function:** `authenticateUser()` #### Technical Details The application constructs SQL queries using string concatenation without proper parameterization or input validation. User-supplied email and password values are directly embedded into the query string. #### Proof of Concept ```javascript // Current vulnerable code const query = `SELECT * FROM users WHERE email = '${email}' AND password = '${password}'`; // Attack payload email: admin@example.com' OR '1'='1' -- Result: Bypasses authentication for any user ``` #### Impact Assessment **Confidentiality:** HIGH - Complete database access **Integrity:** HIGH - Data modification possible **Availability:** MEDIUM - Potential DoS through resource exhaustion This vulnerability allows attackers to bypass authentication, access any user account, extract sensitive data, modify records, and potentially gain administrative access to the entire system. #### Risk Rating Justification Critical severity assigned due to ease of exploitation, no authentication required, and potential for complete system compromise affecting all users and data. #### Remediation 1. Implement parameterized queries using prepared statements 2. Add comprehensive input validation for all user inputs 3. Implement least-privilege database access 4. Add query logging and monitoring for anomaly detection 5. Conduct security code review for similar patterns #### Secure Code Example ```javascript // Secure implementation const query = 'SELECT * FROM users WHERE email = ? AND password_hash = ?'; const hashedPassword = await bcrypt.hash(password, 10); const result = await db.query(query, [email, hashedPassword]); ``` #### Verification 1. Test with SQL injection payloads to confirm fix 2. Review query logs to ensure parameterization 3. Verify proper error handling doesn't expose database details 4. Conduct penetration testing on authentication mechanism #### References - [CWE-89: SQL Injection](https://cwe.mitre.org/data/definitions/89.html) - [OWASP SQL Injection Prevention](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) --- {{/if}} ## Risk Assessment Matrix ### Risk Calculation Methodology ``` Risk Score = (Likelihood × Impact × Exploitability) / Mitigating_Controls Where: - Likelihood: Probability of successful attack (1-5) - Impact: Business consequence severity (1-5) - Exploitability: Ease of exploitation (0.1-1.0) - Mitigating_Controls: Existing protective measures (1-5) ``` ### Overall Risk Distribution {{#if risk_matrix}} {{risk_matrix}} {{else}} | Risk Level | Count | Business Priority | Remediation Timeline | |------------|-------|------------------|---------------------| | Critical | X | Immediate | 24-48 hours | | High | Y | Urgent | 1-2 weeks | | Medium | Z | Important | 1-3 months | | Low | W | Normal | Next cycle | {{/if}} --- ## Remediation Roadmap ### Phase 1: Critical Issues (0-7 days) {{#if phase1_tasks}} {{#each phase1_tasks}} - [ ] {{task}} ({{owner}}) {{/each}} {{else}} - [ ] Fix SQL injection vulnerabilities - [ ] Implement input validation framework - [ ] Update authentication mechanisms - [ ] Patch critical dependencies {{/if}} ### Phase 2: High Priority (1-4 weeks) {{#if phase2_tasks}} {{#each phase2_tasks}} - [ ] {{task}} ({{owner}}) {{/each}} {{else}} - [ ] Implement comprehensive logging - [ ] Add rate limiting controls - [ ] Enhance error handling - [ ] Security configuration review {{/if}} ### Phase 3: Medium Priority (1-3 months) {{#if phase3_tasks}} {{#each phase3_tasks}} - [ ] {{task}} ({{owner}}) {{/each}} {{else}} - [ ] Code security training - [ ] Automated security testing - [ ] Security architecture review - [ ] Penetration testing validation {{/if}} ### Cost-Benefit Analysis {{#if cost_analysis}} {{cost_analysis}} {{else}} | Remediation | Cost | Risk Reduction | ROI | |-------------|------|----------------|-----| | Critical fixes | $X | 80% | High | | High priority | $Y | 15% | Medium | | Medium priority | $Z | 5% | Low | {{/if}} --- ## Recommendations ### Immediate Security Improvements {{#if immediate_recommendations}} {{#each immediate_recommendations}} 1. **{{category}}**: {{recommendation}} {{/each}} {{else}} 1. **Input Validation**: Implement comprehensive input sanitization and validation 2. **Authentication**: Deploy multi-factor authentication for all accounts 3. **Encryption**: Ensure all sensitive data is encrypted in transit and at rest 4. **Monitoring**: Implement security event logging and alerting 5. **Training**: Conduct security awareness training for development team {{/if}} ### Long-term Security Strategy {{#if longterm_strategy}} {{longterm_strategy}} {{else}} 1. **Secure Development Lifecycle**: Integrate security into SDLC processes 2. **Regular Assessments**: Quarterly security reviews and annual penetration testing 3. **Threat Intelligence**: Implement threat monitoring and intelligence feeds 4. **Incident Response**: Develop and test incident response procedures 5. **Compliance**: Maintain alignment with regulatory requirements {{/if}} ### Metrics and KPIs {{#if security_metrics}} {{security_metrics}} {{else}} - Mean Time to Detect (MTTD) security incidents - Mean Time to Respond (MTTR) to vulnerabilities - Percentage of critical vulnerabilities remediated within SLA - Security training completion rates - Number of security incidents per quarter {{/if}} --- ## Appendices ### Appendix A: Vulnerability Classification {{#if classification_guide}} {{classification_guide}} {{else}} **Severity Definitions:** - **Critical**: Complete system compromise, immediate exploitation possible - **High**: Significant security impact, data exposure likely - **Medium**: Moderate security risk, limited exploitation potential - **Low**: Minor security concern, minimal business impact - **Informational**: Security best practice recommendation {{/if}} ### Appendix B: Testing Evidence {{#if testing_evidence}} {{testing_evidence}} {{else}} [Screenshots, log files, and other supporting evidence would be included here] {{/if}} ### Appendix C: Tool Output {{#if tool_output}} {{tool_output}} {{else}} [Raw output from security testing tools would be included here] {{/if}} --- **Report prepared by:** {{assessor_name}} **Date:** {{assessment_date}} **Next review date:** {{#if next_review}}{{next_review}}{{else}}{{assessment_date + 90 days}}{{/if}} *This report contains confidential and proprietary information. Distribution should be limited to authorized personnel only.*