37 lines
1009 B
XML
37 lines
1009 B
XML
<finding id="..." threatLevel="Moderate" type="Information Leak">
|
|
|
|
<!--
|
|
id needs to be unique across the report, preferably identical to the filename
|
|
(without extension).
|
|
|
|
threatLevel can be Low, Moderate, Elevated, High or Extreme.
|
|
|
|
type is the root cause, written in Title Case.
|
|
|
|
Examples: Easily Guessable Credentials
|
|
Lack Of Application Hardening
|
|
Lack Of Webserver Hardening
|
|
Missing Patch
|
|
Network Design Flaw
|
|
-->
|
|
|
|
<title>Title Case</title>
|
|
|
|
<description>
|
|
Short general description of the problem ending with a dot.
|
|
</description>
|
|
|
|
<technicaldescription>
|
|
Long and/or in-depth description of the problem.
|
|
</technicaldescription>
|
|
|
|
<impact>
|
|
Impact on the system. What are the consequences if someone were to exploit this issue?
|
|
</impact>
|
|
|
|
<recommendation>
|
|
Recommendation for the client: what steps need to be taken to resolve the issue?
|
|
</recommendation>
|
|
|
|
</finding>
|