Vulnerability Details Report - Site
The Vulnerability Details Report includes detailed description of the vulnerabilities found in each site selected for this report, grouped by category, and includes for reference the code snippets associated with the vulnerabilities along with appropriate remediation instructions, followed by a list of the specific instances of that vulnerability found in the application code. This is an excellent report for helping developers remediate vulnerabilities, or providing an in-depth understanding of the specific vulnerabilities found for a particular asset.
The The Vulnerability Details Report provides a list of assets included in this report, shown below.
This table sorts by the importance (score) of your site set by vulnerability assessor. The higher the score, the more important the site. Your vulnerabilities are then categorized by the vulnerability class and then by the vulnerability level.
A sample report for Insufficient Transport Layer Protection is shown below, each vulnerability is reported in the same format.
Descriptions and Solutions for each vulnerability class detailed in the table above are included in the report. References are provided for both description and solutions. A sample definition for Insufficient Transport Layer Protection is shown below.
This section details how the vulnerability levels are defined, risk Levels for the WhiteHat Sentinel Source solution are based on the OWASP risk rating methodology, based on the standard risk model (Risk = Likelihood x Impact) with several factors contributing to the likelihood and impact. The following tables show how the vulnerability ratings are calculated in The Vulnerability Details Report.
The Impact can be broken down into the Technical Impact and Business Impact. Technical impact considers the traditional areas of security: confidentiality, integrity, availability, and accountability.
The business impact stems from the technical impact and consider things such as: financial damage, reputational damage, non-compliance, and privacy violations.
After scoring the Likelihood and Impact, the Risk Rating is determined using the following table:
Risk ratings are defined below:
Vulnerability verification status indicated below:
The Vulnerability Details Report. can be run for Sites or groups; select your preference under the Generate For column in the Reports tab. You can select specific assets and specify:
Whether you want to see Open, Closed, or Both (all) vulnerabilities.
Which vulnerability classes you want to include in the detail report.
The date range for the report.
Which severity levels should be included in the report.
Whether or not Attack Vectors should be shown.
Whether or not the CVSS Score should be shown.
You can select what is to be included in the report by individual site or by group.
For more information on generating reports, please see Reports Section.