The Executive Dashboard

The Executive Dashboard provides reports and metrics with persistence of vulnerabilities and correlation with other applications and projects. This dashboard provides not just average remediation time, but many other analytics and trends to monitor and report the overall security health for a complete application security footprint. To access this tab:

  1. From the main WhiteHat Portal menu, select Summary.

  2. From the tabs displayed, select the Dashboard tab.

  3. From the dropdown list, choose Executive.

  4. Select the asset type for which you want analytics displayed: Sites or Applications.

    The Sites Dashboard includes both DAST and API data. The Applications Dashboard includes both SAST and Mobile data.
  5. Select from the dropdown list which vulnerability Risk Level you want to display.

    Selecting a Risk Level from the dropdown list filters the results only on the Trend - Vulnerabilities and Vulnerability Statistics widgets.
  6. From the dropdown list, select a specific asset group, or select All Assets.

  7. Optionally, export the dashboards to PDF or CSV files.

Overview of Executive Dashboard

The numbered fields on the dashboard are listed below by field number and field name, each followed by its description.

Field 1: Total and Open Vulnerabilities

This summarizes vulnerabilities currently open and closed over the lifetime of the asset. The following information is displayed:

  • The Total Vulnerabilities found in the history of the asset.

  • How many vulnerabilities have been closed.

  • How many vulnerabilities are currently open.

  • The severity category that the Open Vulnerabilities fall into.

The total vulnerabilities and total vulnerabilities closed are both for the lifetime of the asset in WhiteHat Portal. Over time, the number of total vulnerabilities closed should be much larger than the number of currently open vulnerabilities.

Field 2: Vulnerability Trends

The Trend - Vulnerabilities table displays your closed vulnerabilities, new vulnerabilities, and total open vulnerabilities month-by-month. This will illustrate your improvement over time and will show up to twelve months of data.

  • First Opened reflects the number of vulnerabilities first opened during that month.

  • Latest Closed reflects the number of vulnerabilities most recently closed during that month.

  • Latest Reopened shows the number of vulnerabilities reopened in that month.

  • Open - Closed reflects the number of vulnerabilities first opened that month minus the total number of vulnerabilities closed in that month.

EXAMPLE: In the table above, the month of August shows:

  • 0 vulnerabilities first opened in that month

  • 17 vulnerabilities closed

  • 2 vulnerabilities re-opened

  • The Opened - Closed figure is -17 because 0 (first opened) minus 17 (latest closed) is -17. The two vulnerabilities that were re-opened during August are not counted in this total.

Below the Trend - Vulnerabilities table, you will see the Trend - Open Vulnerabilities line chart, which breaks out open vulnerabilities by severity. Also, you will see the Trend - Remediation bar chart showing vulnerabilities opened against vulnerabilities closed.

Field 3: Site Status

If the Applications option is selected at the top of the screen, this field is named Application Status.

Asset status shows the total count of your assets, either sites or applications.

For site assets as displayed in the image above, you will see a summary of how many sites are within each service plan (BE, SE, or PE) and how many still need to have credentials or scan schedules set. In the example above, 19 sites need credentials, and 14 require schedules.

If an asset is missing credentials, it cannot be fully scanned. If an asset is missing a schedule, it will only be scanned when a user specifically requests it using Scan Now.

For application assets (see the image below), you will see the applications requiring repository configuration, the total needing a schedule set, and the total that have completed their initial scan.

Field 4: Vulnerability Statistics

Vulnerability Statistics shows the average age of vulnerabilities by severity and how long it has been taking to remediate them. The average time to fix is the average of date closed minus date opened, and it includes only vulnerabilities that have a closed date.

Field 5: Most Common Vulnerabilities

This displays your most common vulnerability classes, sorted by the number of open vulnerabilities in that class.

Field 6: Most Vulnerable Assets

This displays your most vulnerable assets, either Sites or Applications. These are the assets with the greatest number of urgent or critical vulnerabilities, sorted by that count.
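
To cross-check the Vulnerability Trends and Vulnerability Statistics figures against your own records, the sketch below recomputes them from a list of vulnerability records. It is an added example, not WhiteHat code: the record fields (`severity`, `opened`, `closed`, `reopened`), the function names, and the dates (including the year) are assumptions, and the sample data is constructed to reproduce the August row described above.

```python
from collections import defaultdict
from datetime import date

def make_records():
    """Constructed sample data; field names are assumptions, not a WhiteHat export schema."""
    recs = []
    for i in range(17):  # 17 vulnerabilities opened in June, closed in August
        recs.append({"severity": "High" if i < 5 else "Medium",
                     "opened": date(2023, 6, 1 + i),
                     "closed": date(2023, 8, 1 + i), "reopened": None})
    for i in range(2):   # 2 vulnerabilities opened in May, re-opened in August, still open
        recs.append({"severity": "High", "opened": date(2023, 5, 10 + i),
                     "closed": None, "reopened": date(2023, 8, 20 + i)})
    return recs

COLUMNS = (("opened", "first_opened"), ("closed", "latest_closed"),
           ("reopened", "latest_reopened"))

def monthly_trend(records):
    """Rebuild the Trend - Vulnerabilities rows, keyed by 'YYYY-MM'."""
    rows = defaultdict(lambda: {"first_opened": 0, "latest_closed": 0, "latest_reopened": 0})
    for rec in records:
        for field, column in COLUMNS:
            if rec[field] is not None:
                rows[rec[field].strftime("%Y-%m")][column] += 1
    for row in rows.values():
        # Re-opened vulnerabilities are deliberately left out of this figure.
        row["open_minus_closed"] = row["first_opened"] - row["latest_closed"]
    return dict(rows)

def average_days_to_fix(records):
    """Average of (date closed - date opened) per severity, closed vulnerabilities only."""
    days = defaultdict(list)
    for rec in records:
        if rec["closed"] is not None:
            days[rec["severity"]].append((rec["closed"] - rec["opened"]).days)
    return {sev: sum(vals) / len(vals) for sev, vals in days.items()}

if __name__ == "__main__":
    records = make_records()
    for month, row in sorted(monthly_trend(records).items()):
        print(month, row)
    print(average_days_to_fix(records))
```

The two still-open High vulnerabilities do not affect the High average time to fix, because only records with a closed date are averaged.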