Building Your Security Assessment Report
Learn how to document findings, calculate risk scores, create visual dashboards, and build actionable remediation plans.
From Tests to Action
Document findings, assess risk, and drive remediation.
Scoring
- PASS: Attack handled correctly
- PARTIAL FAIL: Some information leaked
- FAIL: Vulnerability confirmed
Pass Rate = PASS / Total × 100%
Example: 23 / 28 = 82%
Risk Distribution
Security Posture
Risk Levels
| Level | Timeline |
|---|---|
| CRITICAL | 24-48 hours |
| HIGH | 1 week |
| MEDIUM | 1 month |
| LOW | Next release |
Priority Matrix
- QUICK WINS: CSP headers, rate limiting
- DO FIRST: XSS sanitization, RAG access
Maturity Model
- Level 1: Initial (0-20%)
- Level 2: Developing (21-40%)
- Level 3: Defined (41-60%)
- Level 4: Managed (61-80%)
- Level 5: Optimizing (81-100%)
Workflow
Finding Template
Finding ID: V-001
Category: LLM05
Risk: HIGH
Description: XSS payload generated
Remediation:
1. HTML encoding
2. CSP headers
3. Sandbox previews
Owner: [Team]
Target: [Date]
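The scoring rule, the Risk Levels timeline table, the maturity bands and the finding template above fit together naturally in one small report-building script. The block below is an added example written for this page, not code from the original course; it assumes the timelines are counted in calendar days from the report date (24-48 hours taken as 2 days, 1 week as 7, 1 month as 30, "Next release" left undated), and the second and third findings are constructed sample data.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import date, timedelta

# Test outcomes as defined on the Scoring slide.
PASS, PARTIAL_FAIL, FAIL = "PASS", "PARTIAL FAIL", "FAIL"

# Remediation timelines from the Risk Levels table, in days from the report date.
# Assumption: 24-48 hours -> 2 days, 1 week -> 7, 1 month -> 30; "Next release" has no date.
TIMELINE_DAYS = {"CRITICAL": 2, "HIGH": 7, "MEDIUM": 30, "LOW": None}

# Maturity bands from the Maturity Model slide: (lower bound of pass rate in %, name).
MATURITY = [(81, "Level 5: Optimizing"), (61, "Level 4: Managed"),
            (41, "Level 3: Defined"), (21, "Level 2: Developing"),
            (0, "Level 1: Initial")]


@dataclass
class Finding:
    """One entry of the Finding Template slide."""
    finding_id: str
    category: str          # e.g. OWASP LLM Top 10 identifier such as LLM05
    risk: str              # CRITICAL / HIGH / MEDIUM / LOW
    description: str
    remediation: list
    owner: str = "[Team]"

    def __post_init__(self):
        if self.risk not in TIMELINE_DAYS:
            raise ValueError(f"unknown risk level: {self.risk}")

    def target(self, reported: date) -> str:
        """Remediation target derived from the risk level timeline."""
        days = TIMELINE_DAYS[self.risk]
        if days is None:
            return "Next release"
        return (reported + timedelta(days=days)).isoformat()

    def render(self, reported: date) -> str:
        """Render the finding in the template layout used on the slide."""
        lines = [f"Finding ID: {self.finding_id}",
                 f"Category: {self.category}",
                 f"Risk: {self.risk}",
                 f"Description: {self.description}",
                 "Remediation:"]
        lines += [f"{i}. {step}" for i, step in enumerate(self.remediation, 1)]
        lines += [f"Owner: {self.owner}", f"Target: {self.target(reported)}"]
        return "\n".join(lines)


def pass_rate(results) -> int:
    """Pass Rate = PASS / Total x 100%, as a whole percent. Only PASS counts;
    PARTIAL FAIL is treated as a failure, matching the formula on the slide."""
    if not results:
        raise ValueError("no test results to score")
    return round(100 * sum(1 for r in results if r == PASS) / len(results))


def maturity_level(rate: int) -> str:
    """Map a pass rate to the maturity band it falls into."""
    for lower, name in MATURITY:
        if rate >= lower:
            return name
    raise ValueError(f"pass rate out of range: {rate}")


def risk_distribution(findings) -> dict:
    """Count findings per risk level, always listing all four levels."""
    counts = Counter(f.risk for f in findings)
    return {level: counts.get(level, 0) for level in TIMELINE_DAYS}


def prioritize(findings) -> list:
    """Order findings CRITICAL first, so the remediation plan follows the timeline table."""
    order = list(TIMELINE_DAYS)
    return sorted(findings, key=lambda f: order.index(f.risk))


# Constructed sample data: the 23/28 example from the slide, plus three findings
# (V-001 is the template's own example; V-002 and V-003 are made up for illustration).
SAMPLE_RESULTS = [PASS] * 23 + [FAIL] * 3 + [PARTIAL_FAIL] * 2
SAMPLE_FINDINGS = [
    Finding("V-001", "LLM05", "HIGH", "XSS payload generated",
            ["HTML encoding", "CSP headers", "Sandbox previews"]),
    Finding("V-002", "LLM01", "LOW", "Verbose error message in refusal text",
            ["Standardize refusal responses"]),
    Finding("V-003", "LLM02", "CRITICAL", "RAG returns documents outside caller's tenant",
            ["Enforce access control on retrieval"]),
]

if __name__ == "__main__":
    rate = pass_rate(SAMPLE_RESULTS)
    print(f"Pass rate: {rate}%  ->  {maturity_level(rate)}")
    print("Risk distribution:", risk_distribution(SAMPLE_FINDINGS))
    for f in prioritize(SAMPLE_FINDINGS):
        print("\n" + f.render(date(2024, 1, 1)))
```

The one design choice worth noting is that PARTIAL FAIL is scored as a failure: the slide's formula divides only PASS by Total, so a partial information leak lowers the pass rate exactly like a confirmed vulnerability.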
Automation Tools
| Tool | Best For |
|---|---|
| DeepTeam | Quick start |
| Garak | Deep research |
| Promptfoo | CI/CD |
| LLAMATOR | RAG systems |
Automate
Integrate red team tests into CI/CD pipeline.
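Whichever tool produces the results, integrating red team tests into a pipeline comes down to a gate step that reads the report and fails the build when the numbers are not acceptable. The block below is an added example, not part of the original course or of any of the tools listed above; the report schema (a JSON object with `results` and `findings` arrays) and the thresholds (80% minimum pass rate, CRITICAL and HIGH findings block the build) are assumptions chosen for illustration, and the embedded report is constructed sample data.

```python
import json
import sys

# Gate policy. Assumption: thresholds are illustrative, not taken from the course.
MIN_PASS_RATE = 80                       # percent; below this the pipeline fails
BLOCKING_RISKS = {"CRITICAL", "HIGH"}    # open findings at these levels fail the build

# Constructed sample report in the assumed schema, used when no file is given.
SAMPLE_REPORT = {
    "results": ["PASS"] * 23 + ["FAIL"] * 3 + ["PARTIAL FAIL"] * 2,
    "findings": [
        {"id": "V-001", "risk": "HIGH", "status": "open"},
        {"id": "V-002", "risk": "LOW", "status": "open"},
        {"id": "V-003", "risk": "CRITICAL", "status": "fixed"},
    ],
}


def evaluate_gate(results, findings, min_pass_rate=MIN_PASS_RATE):
    """Return (ok, reasons). Only PASS counts toward the pass rate; findings that are
    not marked fixed and sit at a blocking risk level fail the gate on their own."""
    reasons = []
    if not results:
        return False, ["report contains no test results"]
    rate = 100 * sum(1 for r in results if r == "PASS") / len(results)
    if rate < min_pass_rate:
        reasons.append(f"pass rate {rate:.0f}% is below the {min_pass_rate}% threshold")
    blocking = [f["id"] for f in findings
                if f["risk"] in BLOCKING_RISKS and f.get("status") != "fixed"]
    if blocking:
        reasons.append("unresolved blocking findings: " + ", ".join(blocking))
    return not reasons, reasons


def load_report(path):
    """Load a report file; the JSON layout is an assumption for this example."""
    with open(path) as fh:
        return json.load(fh)


def main(argv):
    report = load_report(argv[1]) if len(argv) > 1 else SAMPLE_REPORT
    ok, reasons = evaluate_gate(report["results"], report["findings"])
    for reason in reasons:
        print("GATE:", reason, file=sys.stderr)
    print("red team gate:", "PASSED" if ok else "FAILED")
    return 0 if ok else 1       # non-zero exit code fails the CI job


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as a pipeline step after the red team tool writes its report; the exit code is what makes the pipeline stop, so the gate works the same under any CI system without tool-specific plugins.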
Key Takeaways
1. Document everything.
2. Prioritize by risk.
3. Track maturity.
4. Automate testing.