Assess identified vulnerabilities for exploitability, impact, and risk. Provide CVSS scoring and remediation strategies. Use when analyzing security findings.
This skill provides deep analysis of security vulnerabilities, evaluating exploitability, assessing business impact, calculating risk scores, and providing detailed remediation strategies.
### Categorize by Type

Group each finding under one of these classes (the OWASP Top 10 2017 categories):

- Injection Vulnerabilities
- Broken Authentication
- Sensitive Data Exposure
- XML External Entities (XXE)
- Broken Access Control
- Security Misconfiguration
- Cross-Site Scripting (XSS)
- Insecure Deserialization
- Using Components with Known Vulnerabilities
- Insufficient Logging & Monitoring

**Deliverable**: Categorized vulnerability list
### Evaluate Ease of Exploitation

Rate each vulnerability on one of three levels:

- Easy (High Exploitability)
- Medium Exploitability
- Hard (Low Exploitability)

**Assessment Criteria**:

**Deliverable**: Exploitability rating for each vulnerability
### Assess Business Impact

Assess each of the three impact dimensions separately:

- Confidentiality Impact
- Integrity Impact
- Availability Impact

**Business Impact Examples**:

- Critical Business Impact
- High Business Impact
- Medium Business Impact
- Low Business Impact

**Deliverable**: Impact assessment for each vulnerability
### Calculate CVSS v3.1 Score

**Base Metrics**:

- Attack Vector (AV)
- Attack Complexity (AC)
- Privileges Required (PR)
- User Interaction (UI)
- Scope (S)
- Confidentiality Impact (C)
- Integrity Impact (I)
- Availability Impact (A)

**CVSS Score Ranges** (qualitative ratings from the v3.1 specification):

- None: 0.0
- Low: 0.1-3.9
- Medium: 4.0-6.9
- High: 7.0-8.9
- Critical: 9.0-10.0

**Example CVSS Vector**:

```
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Score: 9.8 (Critical)
```

**Use CVSS Calculator**:

```bash
# If available, use online calculator:
# https://www.first.org/cvss/calculator/3.1
```

**Deliverable**: CVSS score and vector for each vulnerability
### Risk Matrix

| Severity | Exploitability | Priority | SLA |
|---|---|---|---|
| Critical | Easy | P0 | 24 hours |
| Critical | Medium | P0 | 24 hours |
| Critical | Hard | P1 | 7 days |
| High | Easy | P0 | 24 hours |
| High | Medium | P1 | 7 days |
| High | Hard | P2 | 30 days |
| Medium | Easy | P2 | 30 days |
| Medium | Medium | P2 | 30 days |
| Medium | Hard | P3 | 90 days |
| Low | Any | P3 | 90 days |

**Priority Definitions**:

**Additional Risk Factors**:

**Deliverable**: Prioritized vulnerability list with SLAs
### Demonstrate Impact (Safely)

**SQL Injection Example**:

```
Input: ' OR '1'='1
Expected: Authentication bypass or data exposure
Actual: [observed behavior]
```

**XSS Example**:

```
Input: <script>alert('XSS')</script>
Expected: Script execution
Actual: [observed behavior]
```

**Path Traversal Example**:

```
Input: ../../etc/passwd
Expected: Access to restricted files
Actual: [observed behavior]
```

**IMPORTANT**:

**Deliverable**: Safe proof of concept for high-priority vulnerabilities
### Provide Fix Recommendations

**SQL Injection**:

```python
# VULNERABLE: user_id is interpolated into the SQL text, so a crafted value
# changes the structure of the query
cursor.execute(f"SELECT * FROM users WHERE id = {user_id}")

# SECURE: parameterised query; the driver sends the value separately from the
# statement (%s is the paramstyle of psycopg2 and MySQL drivers; sqlite3 uses ?)
cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))
```

**Command Injection**:

```python
# VULNERABLE: the string goes through a shell, so metacharacters in
# user_input are interpreted
os.system(f"ping {user_input}")

# SECURE: argument list, no shell; user_input is always a single argv entry
import subprocess
subprocess.run(["ping", "-c", "1", user_input], check=True)
```

**XSS**:

```javascript
// VULNERABLE: untrusted input is parsed as HTML
element.innerHTML = userInput;

// SECURE: render as text, never as markup
element.textContent = userInput;

// Or, if HTML is genuinely required, sanitise it with DOMPurify first
element.innerHTML = DOMPurify.sanitize(userInput);
```

**Weak Cryptography**:

```python
# VULNERABLE: MD5 is fast and unsalted, so password hashes are cheap to crack
import hashlib
password_hash = hashlib.md5(password.encode()).hexdigest()

# SECURE: slow, salted password hash (passlib's argon2 backend needs argon2-cffi)
from passlib.hash import argon2
password_hash = argon2.hash(password)
# Check a login attempt later with argon2.verify(candidate, password_hash)
```

**Insecure Deserialization**:

```python
# VULNERABLE: unpickling attacker-controlled bytes can execute arbitrary code
import pickle
data = pickle.loads(user_data)

# SECURE: a data-only format; parsing JSON never runs code
import json
data = json.loads(user_data)
```

**Path Traversal**:

```python
# VULNERABLE: filename may contain "../" and escape the uploads directory
with open(f"/uploads/{filename}", "r") as f:
    content = f.read()

# SECURE
import os

UPLOAD_DIR = os.path.realpath("/uploads")
# Drop any directory component the client supplied, resolve symlinks, and
# confirm the result still lies inside the upload directory
safe_path = os.path.realpath(os.path.join(UPLOAD_DIR, os.path.basename(filename)))
if os.path.commonpath([UPLOAD_DIR, safe_path]) != UPLOAD_DIR:
    raise ValueError("Invalid path")
with open(safe_path, "r") as f:
    content = f.read()
```

**Remediation Strategy Components**:

**Deliverable**: Detailed remediation guide for each vulnerability
### Assess Third-Party Dependencies

**Evaluate CVEs**:

```bash
# Get CVE details (replace CVE-2024-XXXXX with the actual identifier)
curl "https://nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-XXXXX"

# Check fix availability
pip show <package-name>
pip index versions <package-name>
```

**Assessment Checklist**:

**Remediation Options**:

**Example Assessment**:
```markdown
### CVE-2024-12345 - requests package

**Severity**: High (CVSS 7.5)
**Affected**: requests < 2.31.0
**Current Version**: 2.28.0
**Fixed In**: 2.31.0
**Vulnerability**: SSRF via redirect handling

**Exploitability**: Medium
- Requires attacker to control redirect URLs
- Application must follow redirects

**Impact**: High
- Can access internal network resources
- Potential data exfiltration

**Recommendation**: Upgrade to 2.31.0+
**Breaking Changes**: None
**Upgrade Risk**: Low
**Action**: Upgrade immediately (P1)
```

**Deliverable**: Dependency vulnerability assessment with upgrade plan
````markdown
# Vulnerability Assessment Report

**Date**: [YYYY-MM-DD]
**Assessed By**: Vulnerability Assessor
**Scope**: [Application/Component]

## Executive Summary

Total Vulnerabilities: [count]
- Critical: [count] (P0: [count], P1: [count])
- High: [count] (P0: [count], P1: [count], P2: [count])
- Medium: [count]
- Low: [count]

Immediate Actions Required: [count]

## Detailed Assessments

### [Vulnerability ID] - [Title]

**Category**: [OWASP Category]
**Severity**: [Critical/High/Medium/Low]
**CVSS Score**: [score] ([vector])
**Priority**: [P0/P1/P2/P3]
**SLA**: [timeframe]
**Location**: [file:line]

**Description**:
[What is the vulnerability]

**Exploitability**: [Easy/Medium/Hard]
[Rationale for exploitability rating]

**Impact**:
- Confidentiality: [None/Low/High]
- Integrity: [None/Low/High]
- Availability: [None/Low/High]
- Business Impact: [description]

**Proof of Concept**:
[Safe PoC]

**Remediation**:

*Immediate Mitigation*:
[Quick fix to reduce risk]

*Proper Fix*:
```python
[Code example]
```

**Verification**: [How to test fix works]
**Prevention**: [How to avoid in future]
**References**:
[List]

[List]

**Week 1**:
**Week 2**:
**Month 2-3**:

[Overall assessment and next steps]
````
---
## Best Practices
**Assessment**:
- Use consistent scoring methodology
- Document all assumptions
- Consider environmental factors
- Account for compensating controls
- Review with security team
**Prioritization**:
- Business context matters
- Exploit availability increases priority
- Compliance requirements elevate risk
- Customer data > internal data
- Authentication/authorization issues are critical
**Remediation**:
- Fix root cause, not symptoms
- Defense in depth - multiple controls
- Test fixes thoroughly
- Document changes
- Share lessons learned
**Communication**:
- Be clear and concise
- Avoid fear-mongering
- Provide actionable guidance
- Educate developers
- Track progress
---
## Integration with Security Workflow
**Input**: Security scan results
**Process**: Detailed vulnerability analysis and risk assessment
**Output**: Prioritized remediation roadmap
**Next Step**: OWASP compliance checking or implementation
---
## Remember
- **Context is key**: Same vulnerability has different risk in different contexts
- **Exploitability matters**: Critical vulnerability that's hard to exploit may be lower priority than high vulnerability that's easy to exploit
- **Business impact drives priority**: Focus on what matters to the business
- **Provide solutions**: Don't just identify problems
- **Track to closure**: Ensure fixes are implemented and verified
- **Learn from findings**: Use vulnerabilities to improve secure coding practices
Your goal is to provide actionable security intelligence that enables effective risk-based remediation.