Application Audit[AA]

Updated 5 months ago by aparna

This tab displays all Application Audit [AA] information, such as AA Scans, the List of Websites registered, and Groups Info, in the form of widgets. The scan categories include Threats Identified During Last 5 Days, Threats Identified During Last Successful Scan, etc.

Click Application Audit on the left navigation pane.

Click the Scan Status button to view the scans and services that are active or inactive. The Scan Status pop-up appears.

The scanned websites are displayed with the Vulnerability Found, Status, and Action columns.

Parameter: Description

URL: The URL of the scanned websites is displayed in this column.

Vulnerability Found: The count of the vulnerabilities found from an application is displayed in this column. Click Download CSV link to display the data in the respective format.

Status: This column displays if a scan service is Inactive or In progress.

Action: This column displays Start button for active services and Pause and Stop button for in progress scans.

Web Applications

By default, the All Sites option is selected when the AA page opens. Use the In Group(s) or In Site(s) option to display only a specific group or website from the existing ones.

In Group(s)

Click the In Group(s) option from the Web Applications drop-down. The Select Group drop-down appears.

Click the Select Group drop-down and select a group. The scan summary details of the group are displayed.

The list of IP addresses in the group and various other AA scan reports of the selected group are displayed.

Click to download the report in CSV format.

List of URLs 

This widget displays the Website URLs registered for Application Audit scan and their Scan Status.

Scan Status is displayed  , if your Application Audit [AA] has passed the last Indusface WAS Security Scan and does not have any critical alerts.

Scan Status is displayed  , if the Indusface WAS security scan is running or has not yet started for your AA service.

Scan Status is displayed  , if one or more critical alerts were found in the last AA scan.

In Site(s)

Click the In Site(s) option from the Web Applications drop-down. The Select Asset option appears.

Click the Select Asset drop-down and select an asset. The Application Audit scan details of the selected website are displayed.

The details of the AA scans performed on the specific website, such as Scan Summary, Threats Identified, and Aging Summary, are displayed, along with AA information such as Website Name, Last Scan, and Scan Status.

Information

The selected asset information, such as Website URL, Last Scan, and Schedule Time Slot, is displayed in this field. The Remaining POC option displays the number of POC requests that can be made.

Scan Status is displayed as Fail if the most recent scan failed.

Scan Summary

This option displays Scan Details such as Scan Date, Vulnerabilities found, and Seal Status.

Click the PDF icon or the Excel Sheet icon in the Download option to download the summary in the respective format.

Threats Identified During Last Successful Scan

This widget displays the threats found in the last scan as Critical, High, Medium, and Low according to the severity in the form of a pie chart. In this example, only Medium vulnerabilities are discovered.

Click the All drop-down and select Manual PT or Automated Scan.

Manual Fixed Vulnerabilities

This option lists the fixed vulnerabilities, with the Fixed Date, Title, and Severity of each vulnerability.

Click a specific vulnerability to display further details. The AA pop-up for that fixed vulnerability is displayed.

Click the Next button to view further vulnerabilities, or click the Previous button to go back.

Aging Summary

This option displays the vulnerabilities that have been open for the last 30, 90, or 180 days.

Parameter: Description

Label: This option displays the number of days a vulnerability is open for ageing summary.

Critical: This option displays the number of critical vulnerabilities open for the respective days.

High: This option displays the number of high vulnerabilities open for the respective days.

Medium: This option displays the number of medium vulnerabilities open for the respective days.

Click the All drop-down and select the Manual PT or Automated Scan option to display the respective vulnerabilities.

Click the number in the respective vulnerability category (i.e., critical, high, or medium) to view further details. The Application Audit Details pop-up appears.

The Unique Alert ID, URL, Title, and Severity of the open vulnerabilities are displayed. The general Description and Solution are displayed on the side.

Click the Show More button of a specific open vulnerability to view further details.

Open Status Identified During Last Successful Scan

Three kinds of open status are available, each with a unique colour: Re-open, Open, and New. Mouse over a specific status in the pie chart to view its percentage.

Click the All drop-down and select Manual PT or Automated Scan to display the respective vulnerabilities.

