Application Findings Tab

The application Findings tab offers a list of the vulnerabilities that have been identified for the selected application. To view this:

  1. Click Assets in the main WhiteHat Portal toolbar and select an application.

  2. In the Assets toolbar click Findings.

  3. Use the Filter to narrow the results. You can filter by vulnerability class, rating, vulnerability status (e.g. open or closed), opened date, or closed date.

  4. View your filtered list of vulnerabilities and identify the one that you wish to examine more closely. You can click on each vulnerability to drill into the Vulnerability Detail interface, or you can place a tick in the checkbox beside vulnerabilities and use the Bulk Actions button. For each vulnerability, you will see:

    • a unique Vuln ID that identifies that particular vulnerability

    • the vulnerability Rating (low, medium, high, or critical)

    • the vulnerability Class

    • the Status (open/closed) of the vulnerability

    • the date on which the vulnerability was Last Opened

    • the date on which the vulnerability was Last Closed

    • the Last Retest date for the vulnerability

    • the option to request a Retest of the vulnerability

  5. Use the Quick Actions if desired. These are the main actions that can be taken from this interface.

Quick Actions

Below each vulnerability you will see the available Quick Actions:

  1. Attack Vectors - Details of when and where the vulnerability was found.

    1. Location - The location of the vulnerability.

    2. Found Revision - The revision of the codebase that was scanned when the vulnerability was found for the first time.

      This may or may not be the actual revision where the vulnerability was introduced by the developer, since there can be many revisions submitted in a single day.
    3. Vector ID - Detail about the source code trace.

  2. Vulnerability Notes - View and add notes here:

  3. Vulnerability Tags - View and add tags here:


Video Tutorial - SAST (Applications) Findings Tab