The Insecure Systems risk vector assesses endpoints (which can be any computer, server, device, system, or appliance with internet access) that are communicating with an unintended destination. The software of these endpoints may be outdated, tampered, or misconfigured. A system is classified as “insecure” when these endpoints try to communicate with a web domain that doesn’t yet exist or isn’t registered to anyone.
Finding Details
The details include the data in Findings, Diligence details, and also the following information:
Field | Description |
---|---|
Event Detail | A summary of the finding. |
Path Info | The URL path. |
Risks | A description of the risks involved with the system. |
Server Name | The domain name of the affected server. It is known to be a command and control server, sinkhole, or is hosting adware. |
Severity Level | Finding severity, which is a measurement of the amount of risk that the finding introduces. |
Source IP | The source IP address. |
Source Port | The source port number. |
User-Agent | The user’s browser details. |
- October 29, 2024: Findings Table navigation instructions moved from Risks to a new Findings section in the menu.
- April 8, 2021: Published.
Feedback
0 comments
Please sign in to leave a comment.