{% extends "report_base.html" %} {% load static from staticfiles %} {% load display_tags %} {% load humanize %} {% load get_endpoint_status %} {% load get_note_status %} {% load event_tags %} {% block content %}

Test Security Report for {{ test.engagement.product.name }}

Engagement: {{ test.engagement.name }}
Test: {{ test }}
Generated: {% display_date %}

{% if include_table_of_contents %}

Table of Contents for {{ product.name }}

{% endif %} {% if include_executive_summary %}

Executive Summary

This report represents a security audit performed by the {{ team_name }} team. It contains confidential information about the state of your network and applications. Access to this information by unauthorized personnel may allow them to compromise your network.

{{ test.test_type.name }}
Environment Engagement Start Date End Date Progress
{{ test.environment }} {{ test.engagement }} {{ test.target_start }} {{ test.target_end }} {{ test.percent_complete }}%

A {{ test.test_type.name }} was conducted in the {{ test.environment.name }} environment {% if test.target_end %} from {{ test.target_start|date:"SHORT_DATE_FORMAT" }} to {{ test.target_end|date:"SHORT_DATE_FORMAT" }} {% else %} on {{ test.target_start|date:"SHORT_DATE_FORMAT" }} {% endif %} which yielded a total of {{ findings|length|apnumber }} finding{{ findings|length|pluralize }} of varying severity.

The test was part of {% if test.engagement.name %} the {{ test.engagement.name }} {% else %} an {% endif %} engagement which ran from {{ test.engagement.target_start|date:"SHORT_DATE_FORMAT" }} {% if test.engagement.target_end %} to {{ test.engagement.target_end|date:"SHORT_DATE_FORMAT" }}. {% else %} and is ongoing. {% endif %}

{% if test.engagement.test_set %}

The engagement also included the following tests which are not reported here:

    {% for t in test.engagement.test_set.all %} {% if test.id != t.id %}
  • {{ t.test_type.name }} ({{ t.environment.name|default:"unknown" }}): {{ t.target_start|date:"SHORT_DATE_FORMAT" }}
    {% endif %} {% endfor %}
{% endif %}
Finding Age
Engagement Finding Count
{% endif %}
{% if include_finding_notes %} {% with notes=test.notes.all|get_public_notes %} {% if notes.count > 0 %}

Test Notes

{% for note in notes reversed %}

{{ note.author }} - {{ note.date }} - {{ note }}

{% endfor %} {% endif %} {% endwith %} {% endif %} {% if test.engagement.risk_acceptance.count > 0 %}

Accepted Findings

Name Date Severity
{% for risk in test.engagement.risk_acceptance.all %} {% for finding in risk.accepted_findings.all %}
{{ finding.title }} {{ finding.date }} {{ finding.severity }}
{% endfor %} {% endfor %}
{% endif %}
{% if findings %}

Findings

{% endif %} {% for finding in findings %} {% ifchanged finding.severity %}

{{ finding.severity|capfirst }}

{% endifchanged %}
Finding {{ forloop.counter }}: {{ finding.title }} {% if finding.tags %} {% for tag in finding.tags %} {{ tag }} {% endfor %} {% endif %}
Severity Status {% if finding.risk_acceptance_set.all %} Acceptance {% endif %} Date discovered Age Reporter {% if finding.mitigated %} Date Mitigated Mitigated By {% endif %} {% if finding.cwe > 0 %} CWE {% endif %} Dojo ID
{% if finding.severity %} {{ finding.severity }} {% else %} Unknown {% endif %} {{ finding.status }} {% if finding.risk_acceptance_set.all %} View Risk Acceptance {% endif %} {{ finding.date }} {{ finding.age }} days {{ finding.reporter }} {% if finding.mitigated %} {{ finding.mitigated }} {{ finding.mitigated_by }} {% endif %} {% if finding.cwe > 0 %} {{ finding.cwe }} {% endif %} {{ finding.id }}
{% with endpoints=finding.endpoints.all|get_vulnerable_endpoints %} {% if endpoints %}
{% if finding.file_path %}
Location
{% else %}
Vulnerable Endpoints / Systems
{% endif %}
{% if endpoints %} {% colgroup endpoints into 2 cols as grouped_items %} {% for row in grouped_items %} {% for item in row %}
{% if item %} {{ item }}{% endif %}
{% endfor %} {% endfor %}
{% elif finding.file_path %}
File Path Line Number
{{ finding.file_path }} {{ finding.line }}
{% else %}
No endpoints.
{% endif %}
{% endif %} {% endwith %} {% with endpoints=finding.endpoints.all|get_remediated_endpoints %} {% if endpoints %}
{% if finding.file_path %}
Location
{% else %}
Remediated Endpoints / Systems
{% endif %}
{% if endpoints %} {% colgroup endpoints into 2 cols as grouped_items %} {% for row in grouped_items %} {% for item in row %}
{% if item %} {{ item }}{% endif %}
{% endfor %} {% endfor %}
{% elif finding.file_path %}
File Path Line Number
{{ finding.file_path }} {{ finding.line }}
{% else %}
No endpoints.
{% endif %}
{% endif %} {% endwith %}
Description
{{ finding.description|markdown_render }}
Mitigation
{{ finding.mitigation|markdown_render }}
{% if finding.get_report_requests %}
Sample Request(s): Displaying {{finding.get_report_requests.count}} of {{finding.burprawrequestresponse_set.count}}
{% for req in finding.get_report_requests %}
Request {{forloop.counter}}
{{ req.get_request }}
{% if req.get_response %}
Response {{forloop.counter}}
{{ req.get_response|truncatechars:800 }}
{% endif %} {% endfor %} {% endif %}
Impact
{{ finding.impact|markdown_render }}
{% if finding.steps_to_reproduce %}
Steps to Reproduce
{{ finding.steps_to_reproduce|markdown_render }}
{% endif %} {% if finding.severity_justification %}
Severity Justification
{{ finding.severity_justification|markdown_render }}
{% endif %}
References
{{ finding.references|markdown_render }}
{% if include_finding_images %}
Images
{% if finding.images.all.count > 0 %} {% for pic in finding.images.all %}

{% endfor %} {% else %}

No images found.

{% endif %} {% endif %} {% if include_finding_notes %} {% with notes=finding.notes.all|get_public_notes %} {% if notes.count > 0 %}
Notes
User Date Note
{% for note in notes reversed %}
{{ note.author.username }} {{ note.date }} {{ note }}
{% endfor %}
{% endif %} {% endwith %} {% endif %} {% endfor %}
{% if include_table_of_contents %}
{% endif %}
{% endblock %} {% block js %} {% if include_executive_summary %} {% endif %} {% endblock %}