NeoShield Security logo NeoShield Security Quantum X

// sample report

Website Vulnerability Scan — Sample Report

This is a sample report — an illustrative example for evaluation only. It does not describe any specific customer or system.

Example scenario

A small SaaS team runs a non-invasive scan of their public marketing site and login page before a launch.

Executive summary

The scan reviewed the publicly observable surface only. Three issues were prioritised: a missing Content-Security-Policy, a cookie set without the Secure attribute, and an outdated jQuery version with known advisories. None indicate an active compromise; all are hardening items to close before launch.

Findings

IDFindingSeverityMapping
VS-01 Missing Content-Security-Policy header Medium OWASP A05:2021 · CWE-693 · NIST SC-18
VS-02 Session cookie missing Secure attribute Medium OWASP A05:2021 · CWE-614 · NIST SC-8
VS-03 Outdated front-end library Low OWASP A06:2021 · CWE-1104 · NIST SI-2

Details

VS-01 · Missing Content-Security-Policy header

Medium

Evidence. No Content-Security-Policy header returned on / and /login responses.

Risk. Without a CSP, injected scripts have fewer barriers, increasing the impact of any cross-site scripting flaw.

Defensive countermeasure. Add a strict Content-Security-Policy (start report-only, then enforce). Avoid inline scripts so the policy can be tight.

OWASP A05:2021 · CWE-693 · NIST SC-18

VS-02 · Session cookie missing Secure attribute

Medium

Evidence. Set-Cookie for the session identifier lacked the Secure flag over HTTPS.

Risk. A cookie without Secure can be transmitted over an unencrypted channel and exposed to interception.

Defensive countermeasure. Set Secure, HttpOnly, and SameSite on session cookies; serve the whole site over HTTPS with HSTS.

OWASP A05:2021 · CWE-614 · NIST SC-8

VS-03 · Outdated front-end library

Low

Evidence. A bundled JavaScript library reported a version with published security advisories.

Risk. Known client-side issues can be leveraged if a matching sink exists in the application.

Defensive countermeasure. Upgrade to a current release and add dependency checks to your build pipeline.

OWASP A06:2021 · CWE-1104 · NIST SI-2

Related NeoShield tool

Open AI Vulnerability Scanner →

Defensive use only. This platform is for defensive and authorized security work only. Do not scan, test, or analyze systems you do not own or have explicit permission to assess. Sample reports never include offensive exploit steps.