Skip to content

Vulnerability Database

The Vulnerability Database (also called Templates) is a powerful feature in APTRS that provides a centralized repository of security findings that can be reused across multiple penetration testing projects. This feature significantly enhances efficiency, consistency, and reporting quality throughout your security assessment workflow.

Vulnerability Database Interface

Overview

The Vulnerability Database serves as a knowledge base for your organization's security findings, allowing you to:

  • Maintain a library of well-documented security vulnerabilities
  • Ensure consistent vulnerability descriptions across all reports
  • Standardize remediation advice and technical details
  • Save time by reusing content rather than recreating it
  • Improve report quality with polished, pre-reviewed findings

Key Benefits

Time Savings

Security consultants can save hours per assessment by reusing findings instead of rewriting standard vulnerabilities for each project.

Consistency Across Projects

By using templates from the Vulnerability Database, your organization ensures:

  • Uniform vulnerability naming conventions
  • Consistent severity ratings for similar issues
  • Standardized remediation recommendations
  • Professional, error-free descriptions

Working with the Vulnerability Database

Accessing the Database

The Vulnerability Database can be accessed through:

  1. The main navigation sidebar under "Vulnerability DB"
  2. Direct URL navigation to /vulnerabilities

Creating New Vulnerability Templates

To add a new vulnerability template:

  1. Navigate to the Vulnerability Database
  2. Click the "Add Vulnerability" button
  3. Complete the vulnerability form with the following information:
  4. Title: Clear, concise name of the vulnerability
  5. Description: Detailed explanation of the issue
  6. Impact: Business and security implications
  7. Solution: Recommended remediation steps
  8. References: Links to relevant standards or resources
  9. CVSS Score: Calculated severity rating
  10. Categories: Classification tags for the vulnerability

Using Templates in Projects

APTRS provides multiple methods to access and use vulnerability templates within projects:

Method 1: Real-time Search in Add Vulnerability

When adding new vulnerabilities to a project:

  1. Click "Search" in the project vulnerability section
  2. Start typing in the title field
  3. A real-time dropdown will appear showing matching templates
  4. Select the appropriate template from the dropdown
  5. All template details will be automatically populated
  6. Customize project-specific information if needed
  7. Save the vulnerability to the project

When editing an existing vulnerability in a project:

  1. Open the vulnerability for editing
  2. Click in the title field
  3. Begin typing to see matching template options
  4. Select a template from the dropdown that appears
  5. Confirm you want to replace the current content with the template
  6. Adjust any details to match your specific findings
  7. Save the updated vulnerability

Quick Template Access

The real-time search feature makes it easy to find templates as you type, without having to navigate to a separate template section. This streamlines the process of adding standardized findings to your projects.

Template Customization

When using a template, you can still modify any of the vulnerability details to match the specific context of your current project while maintaining the core information.

Managing the Vulnerability Database

Organization Best Practices

For optimal management of your vulnerability database:

  • Categorize effectively: Create logical groupings for easier searching
  • Use consistent naming: Establish naming conventions for similar issues
  • Include technical details: Provide sufficient technical information for verification
  • Maintain references: Keep external links and standards up to date
  • Review periodically: Schedule regular reviews of database content

Permissions

Access to the Vulnerability Database is controlled by the "Manage Vulnerability Data" permission. Users with this permission can:

  • Create new vulnerability templates
  • Edit existing templates
  • Delete obsolete templates

Troubleshooting

Common Issues

Issue Solution
Template not appearing in search Check category assignments and spelling
Unable to edit template Verify you have "Manage Vulnerability Data" permission
Duplicate templates Search before creating new templates; merge if necessary
Inconsistent formatting Establish and follow organizational style guidelines

Best Practices for Vulnerability Templates

Content Quality

  1. Be thorough but concise: Include all relevant details without unnecessary text
  2. Use clear language: Avoid jargon when possible, define technical terms
  3. Include verification steps: Add steps to reproduce the vulnerability
  4. Provide practical remediation: Ensure solutions are actionable
  5. Cite authoritative sources: Reference industry standards (OWASP, CWE, etc.)

Example Template Structure

Text Only
Title: Insecure Direct Object Reference (IDOR)

Description: The application fails to properly verify that the requesting user
has access to the requested resource. By manipulating resource identifiers (IDs),
an attacker can access other users' data or functionality.

Impact: This vulnerability allows unauthorized access to sensitive information,
potentially leading to data breaches and privacy violations.

Solution: Implement proper access control checks that verify the authenticated
user has permission to access the requested resource.

References:
- OWASP Top 10 2021: A01 Broken Access Control
- CWE-639: Authorization Bypass Through User-Controlled Key