Ticket details
The ticket details page provides a comprehensive explanation of vulnerabilities detected by the API scanner. In the General Information section, users can view essential details such as the Collection Name, Severity of the vulnerability, its Status, the Scan Type that was used, the date it was Created On, and the Base URL where the scan was performed.
In the Risk Information section, users will find important risk assessment data, including the CVSS (Common Vulnerability Scoring System) scores for both V2 and V3, which help evaluate the severity of the vulnerability. Additionally, there will be CWE (Common Weakness Enumeration) reference links to provide more context and understanding of the identified vulnerabilities.
The Description section gives a detailed explanation of the vulnerability itself, outlining what it is, how it can occur, and the specific behavior that led to its detection during the scan. This section helps users understand the nature of the issue.
The Security Impact section explains the potential damage or risk posed by the vulnerability, such as data leaks, unauthorized access, or other security breaches. It helps users assess the seriousness of the issue and the implications if left unaddressed.
In the Workaround/Mitigation section, users will find suggestions or recommended steps to resolve or reduce the risk posed by the vulnerability. This may include temporary fixes, code changes, configuration adjustments, or security best practices that can help protect against exploitation.
The Affected URL section lists the specific URLs or endpoints where the vulnerability was found. This provides a clear reference for where remediation efforts should be focused.
The Affected URL section also lets you copy the request in cURL format so you can reproduce it manually on your end.
On the last scan page for each scan target, you will find the functionality to mark a detected finding as a false positive. This feature allows you to manage findings that you do not want to address in future scans. When marking a finding, you have two options to choose from:
- False Positive: By selecting this option, you indicate that the finding is a false positive. This tells the scanner not to flag this issue again in future scans.
- Accept Risk: If you choose this option, you acknowledge that you are aware of the risk associated with the finding but have decided to accept it. This will prevent the finding from being flagged in subsequent scans.
Once you mark a finding, it will be listed in the Ignored Findings table. This table allows you to review all the findings you have marked, along with the reason for ignoring them. If you decide to re-include a finding in future scans, you have the option to Undo the mark. By selecting Undo, the finding will be moved back to the findings list and will appear in future scan results.