Security Report Example
Our reports are structured to provide clear, actionable insights.
This is a sanitized demonstration report created to illustrate the structure and quality of a typical SurfaceDelta vulnerability assessment. No real client systems are represented.
Web Application Vulnerability Assessment
Target: example-store.com · Testing window: March 2026
Moderate Risk · 5 Findings
SurfaceDelta conducted a vulnerability assessment of the target e-commerce web application to identify weaknesses affecting customer data, authentication security, and overall attack surface. The assessment combined automated scanning with manual validation to identify realistic risks while eliminating false positives.
The application demonstrated generally strong transport security. However, several configuration weaknesses and one sensitive credential exposure were identified. No evidence of active compromise was discovered during testing.
Key observations:
- A third-party API key was identified embedded in a client-side JavaScript bundle and confirmed active at the time of testing
- GraphQL introspection is publicly enabled, allowing unauthenticated enumeration of the full API schema
- CORS policy permits credentialed cross-origin requests from unvalidated origins on two API endpoints
- Session cookie configuration lacks the HttpOnly attribute, increasing exposure if an injection vulnerability is later introduced
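One way to check captured response headers for the CORS and session-cookie observations above. This is an added example, not part of the SurfaceDelta report or its tooling; the endpoint paths, probe origin, allowlist and header values are constructed assumptions.

```python
# Audit captured HTTP response headers for two misconfigurations:
# credentialed CORS that trusts an unvalidated origin, and cookies without HttpOnly.
ALLOWED_ORIGINS = {"https://example-store.com"}   # assumed allowlist
PROBE = "https://untrusted.example"               # Origin header sent with each request

def cors_finding(probe_origin, headers):
    """Return a finding if a credentialed response trusts an origin outside the allowlist."""
    h = {k.lower(): v.strip() for k, v in headers}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if not creds or acao is None or acao in ALLOWED_ORIGINS:
        return None
    # "*" is not flagged: browsers refuse a wildcard on credentialed responses.
    if acao == probe_origin or acao == "null":
        return f"credentialed CORS trusts unvalidated origin {acao}"
    return None

def cookies_missing_httponly(headers):
    """Return names of cookies set without the HttpOnly attribute."""
    missing = []
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "httponly" not in attrs:
            missing.append(parts[0].split("=", 1)[0])
    return missing

def audit(probe_origin, captured):
    """Map each endpoint to its list of findings; clean endpoints are omitted."""
    report = {}
    for url, headers in captured.items():
        findings = [f for f in [cors_finding(probe_origin, headers)] if f]
        findings += [f"cookie '{c}' lacks HttpOnly" for c in cookies_missing_httponly(headers)]
        if findings:
            report[url] = findings
    return report

# Constructed sample capture (headers as a list because Set-Cookie may repeat).
CAPTURED = {
    "/api/cart": [("Access-Control-Allow-Origin", PROBE),
                  ("Access-Control-Allow-Credentials", "true"),
                  ("Set-Cookie", "session=abc123; Path=/; Secure; SameSite=Lax")],
    "/api/catalog": [("Access-Control-Allow-Origin", "https://example-store.com"),
                     ("Access-Control-Allow-Credentials", "true"),
                     ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly")],
}

if __name__ == "__main__":
    for url, findings in audit(PROBE, CAPTURED).items():
        print(url, findings)
```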
Overall risk level: Moderate
Total findings: 5
Active compromise: None detected
Assessment type: External web application