Secrets

This dashboard helps security teams monitor and manage the exposure of hard-coded secrets and credentials across digital assets. 

Accessing the Secrets tab

  • Log in to the WAS Portal
  • Navigate to Vulnerabilities and click the Secrets tab

 

Overview Section

Total Secret Scan

This section provides a summary of the scanned secrets, showing the total number of secrets scanned, broken down into:

  • Completed: The number of scans that have been fully processed and evaluated.
  • In Progress: The number of scans that are still being processed.

 

Secrets Identified
Displays the total number of secrets (such as API keys, passwords, tokens) identified across the scanned assets. This is potentially sensitive data that could be exposed or leaked.

Open and Closed Secrets Over Time


A graphical representation showing how secrets are categorized as "Open" (identified but not resolved) and "Closed" (resolved or removed) over time. This helps track the progress of managing and addressing security risks related to exposed secrets.

 

 

Asset Details 

The table displays detailed information about each secret identified:

 

  • Subdomain: The subdomain where the secret was found.
  • Masked Secret Value: The actual secret value with part of it masked (for security reasons).
  • Found On: The date when the secret was first detected during the scan.
  • Action: Available action that can be taken on the identified secret.
    Details: This button allows you to view more detailed information about the secret and its associated risks.

Asset Control and Filter Options

Display Options:

A control that allows users to select how many rows of data they want to view at once. 

 

 

Filter by Secrets

A filter dropdown is available to view all secrets or select a specific secret. This allows users to focus on particular secrets and their respective URLs.

All-Domain

Use All-Domain to download a combined report for all domains.

Search

A search bar to help users quickly find specific assets, secrets, or vulnerabilities by entering keywords or filters (e.g., subdomains, severity level).

 

 

Add Website

If a subdomain is not onboarded in WAS, the user cannot view the secrets identified for that asset. To access those findings, the asset must first be onboarded using the Add Site option.

Click the Add Website icon under Action to onboard a new application or API.

The Add Website window opens.


Click here for a step-by-step guide to self-onboard your applications or APIs for secret scanning

 

 

 
