Scan details


The Scan Details Page provides detailed insights into a specific scan execution for an API collection. It contains three main sections: Scan Information, Statistics (with a Pie Chart), and the Vulnerability List Tab. Below is a detailed explanation of each section.

1. Scan Information

This section displays metadata related to the specific scan execution. It helps users identify the details of the scan.

  1. URL: The base URL of the API that was scanned (e.g., http://haircutkart.com/routes).
  2. Started: The date and time when the scan began (e.g., Dec 21, 2024, 1:14 PM).
  3. Started By: The name or identifier of the user who initiated the scan (e.g., daisy m).
  4. Duration: The total time taken to complete the scan (e.g., 1m 47s).

2. Statistics (with Pie Chart)

This section summarizes the scan results, providing an overview of the vulnerabilities detected and endpoint details.

Components:

  1. Pie Chart: Visual representation of the severity levels of vulnerabilities detected.
  2. Color-Coded Sections:
  3. Amber: Critical vulnerabilities.
  4. Red: High vulnerabilities.
  5. Yellow: Medium vulnerabilities.
  6. Green: Low vulnerabilities.
  7. Statistics Summary: This section provides a quick summary of scan performance and outcomes, helping prioritize actions based on severity.
  8. Vulnerabilities: The total number of vulnerabilities detected in this scan (e.g., 34).
  9. Attack Requests Sent: Total number of requests made to test the endpoints (e.g., 996).
  10. Endpoints: The total number of endpoints scanned (e.g., 60).
  11. Authenticated: Number of endpoints secured with authentication mechanisms (e.g., 31).
  12. Overall Security Status:
  13. Highlighted in red as Critical to indicate the overall risk level for this scan.

3. Vulnerability List Tab

The Vulnerability List Tab provides a detailed breakdown of vulnerabilities detected during the scan. It allows users to analyze and address each issue.

Columns:

  1. Severity:
  2. Displays the severity level of the vulnerability (e.g., Critical, High, Medium).
  3. Icons and colors are used for quick identification:
  4. Amber: Critical
  5. Red: High
  6. Yellow: Medium
  7. Green: Low
  8. Title:
  9. The name or description of the vulnerability.
  10. Includes a unique identifier (e.g., #H4PRCN) for easier reference.
  11. Example: "Malicious JavaScript Injection via Supply Chain Attack (polyfill.io)".
  12. Endpoint:
  13. The specific endpoint where the vulnerability was detected (e.g., https://haircutkart.com/routes/service).
  14. Links allow users to trace the vulnerability back to its source.
  15. Status:
  16. Displays the current state of the vulnerability, defaulting to Open.
  17. A dropdown menu allows users to update the status (e.g., Open, False Positive and Accepted Risk).

4. Ignored Vulnerability

It is the list of vulnerabilities with False Positive and Accepted Risk


The Execution Details Page is designed to give a comprehensive view of a scan execution, helping users understand the vulnerabilities detected, their severity, and where they occur. It aids in prioritizing security tasks and ensures that API vulnerabilities are managed effectively.

Discard
Save
Draft
Edit Page New Page Revisions Page Settings

Previous Page

Left

Next Page

Right

On this page