AppTrana
Getting Started
Frequently Asked Questions
Product Details
API Scan Coverage for OWASP Top 10
Whitelist Vulnerabilities on the AppTrana WAAP
API Request to Purge CDN Data
Analysis page - Attack Trend Visualisation
Advanced Behavioral DDoS
BOT Protection
Asset Discovery
Customize Application Behavior with Bot Score
Restricted Admin User
Self Service Rules
Configuring Custom Error Page in AppTrana
Enabling SIEM Integration
API Discovery Feature
SwyftComply
Analysis page - Access Trend Visualization
Manage WAAP Email Alerts
Enable and Configure Single Sign-On
WAF Automated Bypass and Unbypass
False Positive Analysis Report on WAAP
Product User Guide
Indusface WAS
Getting Started
Product User Guide
Summary
Dashboard
Malware Monitoring[MM]
Application Audit[AA]
Vulnerability Assessment[VA]
Reports
Settings
Asset Monitoring
New Reporting Structure
Frequently Asked Questions
Feature Summary
AcuRisQ – Risk Management with Advanced Risk Scoring
WAS Consulting License
API Key Based - Scan Log Export
WAS Defacement Checks
SIEM Integration with Sumo Logic
Indusface WAS Scanned Vulnerabilities
Total Application Security
Onboarding Documents
Indusface Newsletter
Indusface Product Newsletter - October 2021
Indusface Product Newsletter- April 2021
Indusface Product Newsletter-January21
Indusface Product Newsletter - June 20
Indusface Product Newsletter - October 19
Indusface Product Newsletter - August 19
Product Newsletter of May 19
Product Newsletter of March 19
Product Newsletter of January 19
WAF Portal Revamp June 18
Product Newsletter of July 18
Product Newsletter of May 18
Product Newsletter of March 18
Product Newsletter of February 18
Product Newsletter of January 18
Indusface Product Newsletter - March 2022
Indusface Product Newsletter - February 2023
Indusface Product Newsletter- October 2022
Zero Day Vulnerability Reports
Vulnerabilities Detected in 2023
Vulnerability Report of May 23
Vulnerability Report of March 23
Vulnerability Report of August 23
Vulnerability Report of July 23
Vulnerability Report of April 23
Vulnerability Report of November 23
Vulnerability Report of June 23
Vulnerability Report of December 23
Vulnerability Report of February 23
Vulnerability Report of January 23
Vulnerability Report of September 23
Vulnerability Report of October 23
Vulnerabilities Detected in 2016
CRS vs. Zero Day Vulnerability - December 2016
CRS vs. Zero Day Vulnerability - November 2016
CRS vs. Zero Day Vulnerability - October 2016
CRS vs Zero Day Vulnerability - September 2016
CRS Vs Zero Day Vulnerabilities - August 2016
Vulnerabilities Detected in 2017
Vulnerability Report of April 17
Vulnerability report for Apr 3rd - Apr 9th 17
Vulnerability report for April 17th - Apr 23rd 17
Vulnerability report of April 10th - April 16th
Vulnerability Report of March 17
Vulnerability report for Mar 20th - Mar 26th
Vulnerability report for Mar 13th - Mar 19th
Vulnerability report for 27th Feb - 5th Mar
Vulnerability report for Mar 27th - Apr 2nd
Vulnerability report for Mar 6th - Mar 12th
Vulnerability Report of February 17
Vulnerability Report of January 17
Vulnerability Report of December 17
Vulnerability Report of November 17
Vulnerability Report of August 17
Vulnerability Report of September 17
Vulnerability Report of October 17
Vulnerability Report of July 17
Vulnerability Report of June 17
Vulnerability Report of May 17
Vulnerabilities Detected in 2018
Vulnerability Report of December 18
Vulnerability Report of November 18
Vulnerability Report of October 18
Vulnerability Report of September 18
Vulnerability Report of August 18
Vulnerability Report of July 18
Vulnerability Report of June 18
Vulnerability Reports of May 18
Vulnerability Report of April 18
Vulnerability Report of March 18
Vulnerability Report of February 18
Vulnerability Report of January 18
Vulnerabilities Detected in 2019
Vulnerability Report of December 19
Vulnerability Report of November 19
Vulnerability Report of October 19
Vulnerability Report of September 19
Vulnerability Report of August 19
Vulnerability Report of July 19
Vulnerability Report of June 19
Vulnerability Report of May 19
Vulnerability Report of April 19
Vulnerability Report of March 19
Vulnerability Report of February 19
Vulnerability Report of January 19
vulnerabilities Detected in 2020
Vulnerability Report of December 20
Vulnerability Report of November 20
Vulnerability Report of October 20
Vulnerability Report of Sep 20
Vulnerability Report of July 20
Vulnerability Report of June 20
Vulnerability Report of May 20
Vulnerability Report of April 20
Vulnerability Report of March 20
Vulnerability Report of February 20
Vulnerability Report of January 20
Vulnerabilities Detected in 2021
Vulnerability Report of November 21
Vulnerability Report of October 21
Vulnerability Report of September 21
Vulnerability Report of August 21
Vulnerability Report of July 21
Vulnerability Report of June 21
Vulnerability Report of May 21
Vulnerability Report of April 21
Vulnerability Report of March 21
Vulnerability Report of February 21
Vulnerability Report of January 21
Vulnerability Report of December 21
Vulnerabilities Detected in 2022
Vulnerability Report of January 22
Vulnerability Report of February 22
Vulnerability Report of March 22
Vulnerability Report of April 22
Vulnerability Report of May 22
Vulnerability Report of June 22
Vulnerability Report of July 22
Vulnerability Report of August 22
Vulnerability Report of September 22
Vulnerability Report of October 22
Vulnerability Report of November 22
Zero-Day Vulnerability Report - December 2022
Vulnerabilities Detected in 2024
Security Bulletin
Vulnerabilities 2024
Critical Apache OFBiz Zero-day AuthBiz (CVE-2023-49070 and CVE-2023-51467)
ScreenConnect Authentication Bypass (CVE-2024-1709 & CVE-2024-1708)
CVE-2024-1071 – Critical Vulnerability in Ultimate Member WordPress Plugin
Oracle WebLogic Server Deserialization
ApacheStructs_VG
Apache Struts 2 Vulnerability CVE-2023-50164 Exposed
Unpacking the Zimbra Cross-Site Scripting Vulnerability(CVE-2023-37580)
Adobe ColdFusion Vulnerabilities Exploited in the Wild
Remote Unauthenticated API Access Vulnerabilities in Ivanti
Multiple Moveit Transfer Vulnerabilities
HTTP/2 Rapid Reset Attack Vulnerability
Apache log4j RCE vulnerability
Table of Contents
- All Categories
- Indusface WAS
- Product User Guide
- Vulnerability Assessment[VA]
Vulnerability Assessment[VA]
This tab displays various reports of Vulnerability Assessment scans from Top Threats Identified During Last Scan to Threats Identified During Last 5 Days in the form of various graphs.
List of IP Address registered with Vulnerability Assessment is displayed with Scan Status. This widget is displayed for All Sites only.
Scan Status
Click Scan Status button to view the scans and services that are active or inactive. Scan Status pop-up appears.
The Scanned Websites with Vulnerabilities Found, Status of the scan and Action column is displayed.
Parameter | Description |
URL | The URL of the scanned websites is displayed in this column. |
Vulnerability Found | The count of the vulnerabilities found from an application is displayed in this column. Click Download CSV link to display the data in the respective format. |
Status | This column displays if a scan service is Inactive or In progress. |
Action | This column displays Start button for active services and Pause and Stop button for in progress scans. |
Web Applications
By default, scan details of All Sites is displayed for VA page. There are 2 other options i.e., In Site(s) and In Group(s).
In Group(s)
Click Web Applications drop-down and click In Group(s) option to display the existing groups subscribed with VA scans. Select Group drop-down appears.
Click Select Group drop-down, click to select a specific group. VA page of the selected group is displayed.
If the selected group is not subscribed for Vulnerability Assessment service, Dashboard page appears.
[OR]
List of IP Address in the group and various other VA scan reports of the selected group are displayed.
List of URLs
This widget displays the Website URLs registered for Vulnerability Assessment scan and their Scan Status.
Scan Status is displayed 
, if your Vulnerability Assessment[VA] has passed last Indusface WAS Security Scan. It does not have any critical alert.
Scan Status is displayed 
, if Indusface WAS security scan is running or not yet started your VA service.
Scan Status is displayed 
, if there is one or more critical alert found in last VA scan.
In Site(s)
This option helps a user to display a specific site from the websites registered with VA scans.
Click Web Applications drop-down, click In Site(s) option. Select Asset option displays.
Click Select Asset drop-down, click to select any one of the existing assets. The VA scan details of the selected assets are displayed.
The VA scan details of a specific asset with general information of an asset are displayed. Customer Asset ID is displayed if created otherwise N/A(nil) is displayed.
Customer Asset ID
Click edit customer asset ID option to create or update a short name for an Asset. Edit Customer Asset ID pop-up appears.
Click Customer Asset ID box, enter an unique ID and click Submit button. The updated ID is displayed.
General Info
This displays the basic information of a website or the selected Asset like IP Address, Last Scan, Remaining POC etc.
Open Services Found in Last Scan
The ports that are open during the last scan on the scanned IP address are displayed in this option. Open service details like Protocol, Port, Service Name, and Product Name are displayed.
Scan Summary
This option displays the scan details like Scan Date, Vulnerability Type, Total Vulnerabilities, and Seal Status.
Click PDF or Excel icon in Downloads option to download the report of a specific scan.
Threats Identified During Last Scan
his widget displays the threats found in last scan as Critical, High, Medium, and Low according to severity in the form of a pie chart.
Click 
to download the report in CSV format.
Open Status Identified During Last Successful Scan
Three kinds of open statuses are available with a unique colour i.e., Re-open, Open, and New.
The number of vulnerabilities found in a specific status is displayed in the pie-chart. Mouse over a specific status in the pie chart to view the percentage.
Aging Summary
This option displays the vulnerabilities open for last 30 (or) 90 (or) 180 days. An application is vulnerable even after re-validation cycle.
Parameter | Description |
Label | This option displays the number of days a vulnerability is open for ageing summary. |
Critical | This option displays the number of critical vulnerabilities open for the respective days. |
High | This option displays the number of high vulnerabilities open for the respective days. |
Medium | This option displays the number of medium vulnerabilities open for the respective days. |
Click the number in respective vulnerability category (i.e., critical, high or medium) to view the further details. Vulnerability Assessment Details pop-up appears.
The Unique Alert ID, URL, Title of the vulnerability, and Severity of the open vulnerabilities is displayed. The general Description and Solution is displayed on the side.
Click Show More button of a specific open vulnerability to view further details like IP address, references, etc.
