The Web Application Security risk vector performs multiple assessments related to web application security. It provides information about components with known vulnerabilities, broken authentication and access control, sensitive data exposure, cross-site scripting prevention mechanisms, and security misconfigurations.
Finding Details
The details include the data in Findings, Diligence details, and also the following information:
Field | Description |
---|---|
❖ Web App Security Test | Name of the web application security test. |
Category | Name of the web application security test category. |
Description | Summary description of the objective of all the tests within this category. |
Framework References | OWASP and CWE framework references that provide context for the applicability of the test. |
Issue | Description of the issue identified. |
Details | Description of the possible impacts of the issue identified. |
Remediation Instructions | Information that will help a user to resolve a negative finding. |
❖ Total Evidence Count | The total amount of evidence associated with the finding. |
❖ Failed Evidence Count | The amount of failed evidence associated with the finding. |
❖ Evidence | A list of the evidence that was collected when assessing a specific web application. |
❖ This field can be added to or removed from the table using the Customize Columns option.
- May 28, 2024: Added the Evidence field. Specified which fields may be added or removed with the Customize Columns option.
- January 19, 2024: Findings page navigation by application.
- July 20, 2023: Published.