GET: Web Application Security Finding Details – Bitsight Knowledge Base

https://api.bitsighttech.com/ratings//v1/companies/company_guid/findings?risk_vector=web_appsec

Get an organization’s Web Application Security finding details.

Parameters
Example Request
Example Response
Response Attributes

Evidence Details

The details in the evidences field vary by assessment.

Cross-Site Scripting:
- cross_domain_subresource_integrity_check
- cross_domain_subresource_integrity_failure
- content_security_policy
- csp_violation
- javascript_library_vulnerabilities
Components with Known Vulnerabilities: exposed_csm_admin_page
Broken Authentication and Access Control:
- cross_site_request_forgery
- authentication_on_insecure_channel
- secure_cookie_on_insecure_channel
Sensitive Data Exposure:
- session_token_in_url
- mixed_content
- hsts_preload_present
- cookie_same_site_attribute
- cookie_same_site_blocked
- unsafe_referrer_policy
- internal_server_error
Security Misconfiguration:
- reverse_tabnabbing
- tls_error
- directory_listing_exposure
- cors_violation
- permissive_cors_whitelist
- https_to_http_redirect

Parameters

For details specific to Web Application Security, use the ?risk_vector=web_appsec parameter. Other query parameters are listed in GET: Finding Details.

Example Request

curl https://api.bitsighttech.com/ratings/v1/companies/a940bb61-33c4-42c9-9231-c8194c305db3/findings?risk_vector=web_appsec -u entity_guid/assets -u api_token:

Example Response

{
  "links":{
    "next":"https://api.bitsighttech.com/ratings/v1/companies/a940bb61-33c4-42c9-9231-c8194c305db3/findings?limit=100&offset=100&risk_vector=web_appsec",
    "previous":null
  },
  "count":169,
  "results":[
    […]
    {
      "temporary_id":"A9Jq47BBjed53f930d7ef87e2ffd133788f5f5317177e540b2d71f5ee5df68361677cc23b4",
      "affects_rating":false,
      "assets":[
        {
          "asset":"example.domain.org",
          "identifier":null,
          "category":"critical",
          "importance":0.1,
          "is_ip":false,
          "asset_type":"Domain"
        }
      ],
      "details":{
        "cvss":{
          "base":[ ]
        },
        "check_pass":"",
        "diligence_annotations":{
          "evidences":[
            […]
            {
              ⊕ See evidence details specific to the assessment

              "status":"Failed",
              "severity":"Minor",
              "assessmentName":"authentication_on_insecure_channel"
            }
          ],
        },
        "failed_evidence":2,
        "grade":"NEUTRAL",
        "remediations":[
          […]
        ],
        "sample_timestamp":"2023-12-13T01:00:13Z",
        "total_evidence":2,
        "vulnerabilities":[ ],
        "assessment_name":"cross_site_request_forgery",
        "rollup_end_date":"2023-12-13",
        "rollup_start_date":"2023-12-13",
        "searchable_details":"Cross Site Request Forgery"
      },
      "evidence_key":"example.domain.org:80",
      "first_seen":"2023-12-13",
      "last_seen":"2023-12-13",
      "related_findings":[ ],
      "risk_category":"Diligence",
      "risk_vector":"web_appsec",
      "risk_vector_label":"Web Application Security",
      "rolledup_observation_id":"mG2JT3rQ-xicbspF-lJWjw==",
      "severity":1.0,
      "severity_category":"minor",
      "tags":[
        "adsfasdfafa"
      ],
      "remediation_history":{
        "last_requested_refresh_date":"2024-06-19",
          "last_refresh_status_date":"2024-06-23",
          "last_refresh_status_label":"failed",
        "last_refresh_status_reason": "asset_not_found",
          "last_refresh_reason_code":"asset unreachable",
          "last_refresh_requester": "1e10564d-fawa-4331-0000-6f7588b55a98",
        "result_finding_date": null
      },
      "asset_overrides":[ ],
      "duration":null,
      "comments":null,
      "remaining_decay":null,
      "remediated":null,
      "impacts_risk_vector_details":"LIFETIME_EXPIRED"
    }
  ]
}

Response Attributes

Field							Description
links Object							Navigation for multiple pages of results. See pagination.
	next String						The URL for navigating to the next page of results.
	previous String						The URL for navigating to the previous page of results.
count Integer							The number of findings.
results Array							Findings and their details.
	Object						A finding.
		temporary_id String					A temporary identifier for this finding.
		affects_rating Boolean					`true` = This finding impacts the letter grade.
		assets Array					Asset details.
			Object				An asset.
				asset String			The asset name.
				identifier Null			For internal Bitsight use.
				category String			The Bitsight-calculated asset importance.
				importance Decimal			The Bitsight-calculated asset importance.
				is_ip Boolean			`true` = This asset is an IP address.
				asset_type String			The type of asset.
		details Object					Details of this finding.
			cvss Object				If the finding has an associated vulnerability, this contains the CVSS score.
				base Array			CVSS scores of vulnerabilities associated with this finding.
			check_pass String				For internal Bitsight use.
			diligence_annotations Object				Diligence finding details.
				evidences Array			Evidence collected when a specific web application was assessed.
					Object		The collected evidence. See details specific to the assessment (`assessmentName`): Cross-Site Scripting: `cross_domain_subresource_integrity_check` `cross_domain_subresource_integrity_failure` `content_security_policy` `csp_violation` `javascript_library_vulnerabilities` Components with Known Vulnerabilities: `exposed_csm_admin_page` Broken Authentication and Access Control: `cross_site_request_forgery` `authentication_on_insecure_channel` `secure_cookie_on_insecure_channel` Sensitive Data Exposure: `session_token_in_url` `mixed_content` `hsts_preload_present` `cookie_same_site_attribute` `cookie_same_site_blocked` `unsafe_referrer_policy` `internal_server_error` Security Misconfiguration: `reverse_tabnabbing` `tls_error` `directory_listing_exposure` `cors_violation` `permissive_cors_whitelist` `https_to_http_redirect`
						status String	The assessment results or status.
						severity String	The finding severity.
						assessmentName String	The assessment name that the evidence is associated with.
			failed_evidence Integer				The number of findings with failing evidence.
			grade String				The finding grade.
			remediations Array				Information about the finding and instructions to remediate it.
			sample_timestamp String [`YYYY-MM-DDTHH:MM:SSZ`]				The date and time when this finding was observed.
			total_evidence Integer				The total number of available evidence.
			vulnerabilities Array				This is not applicable to Web Application Security findings.
			assessment_name String				The assessment name that the evidence is associated with.
			rollup_end_date String [`YYYY-MM-DD`]				The date when this finding was last observed.
			rollup_start_date String [`YYYY-MM-DD`]				The date when this finding was first observed.
			searchable_details String				Details that can be searched in the Bitsight platform.
			evidence_key String				The asset (domain or IP address) that’s attributed to this finding.
		first_seen String [`YYYY-MM-DD`]					The date when this finding was first observed.
		last_seen String [`YYYY-MM-DD`]					The date when this finding was last observed.
		related_findings Array					Related findings and their details.
		risk_category String					The risk category.
		risk_vector String					The risk vector slug name.
		risk_vector_label String					The risk vector display name.
		rolledup_observation_id String					A stable and randomized identifier for findings. It is assigned to a finding when one or more observations with largely similar key properties occur in close succession.
		severity Decimal					This finding’s Bitsight severity.
		severity_category String					This finding’s Bitsight severity.
		tags Array					Infrastructure tags identifying the asset.
		remediation_history Object					If `?expand=remediation_history` parameter is set, the remediation history of the finding is included.
			last_requested_refresh_date String [`YYYY‑MM‑DD`]				The date when a finding rescan that included this finding was last requested.
				last_refresh_status_date String [`YYYY‑MM‑DD`]			The date when a rescan of the remediation status of this finding was last requested.
				last_refresh_status_label String			The current rescan status of this finding.
			last_refresh_status_reason String				The rescan status.
				last_refresh_reason_code String			The reason code for the rescan status.
				last_refresh_requester String [`user_guid`]			The unique identifier of the user who requested the rescan.
			result_finding_date String [`YYYY-MM-DD`]				The first seen date of the finding that resulted from the rescan, if applicable.
		asset_overrides Array					User-assigned asset importance details.
		duration Null					For internal Bitsight use.
		comments Null					A thread of finding comments.
		remaining_decay Integer					The remaining finding lifetime.
		remediated Boolean					`true` = The finding is remediated.
		impacts_risk_vector_details String					Values: `AFFECTS_RATING` `LIFETIME_EXPIRED`

February 28, 2025: Added last_refresh_status_reason, last_refresh_reason_code, last_refresh_requester, and result_finding_date response attributes.
July 17, 2024: sampled no longer supported.
May 15, 2024: Assessment annotations grouped by assessment into evidences field.

Feedback

3 comments

Kensuke Yuge

March 18, 2025 00:54
The page is supposed to be about the API for Web Application Security, but it contains content related to botnet infections.
1
Harry Paul

April 10, 2025 16:57
This page is describing botnet infections instead of web app sec. Since the details vary per vector, this means the models for the new web app sec findings are not documented anywhere. Could you please update? This was reported by another user 3 weeks ago. Is there a better channel to report this sort of issue?
0
Ingrid

April 11, 2025 16:20
Sorry for the slow response. This error is now fixed.
0

Please sign in to leave a comment.

Evidence Details

Parameters

Example Request

Example Response

Response Attributes

Related articles