Whitelist Vulnerabilities
Introduction
AppTrana WAAP offers a Vulnerability Whitelisting feature that allows you to exclude non-critical or medium-level vulnerabilities from scan results.
This functionality assists in managing your security assessments effectively by focusing on resolving critical issues while acknowledging and tracking less severe vulnerabilities.
- Navigate to Vulnerability > List of Vulnerabilities Detected > Needs Action.
- Select an application that you want to whitelist.
- Click Whitelist for the selected URL.
- Result: The Confirm Whitelisting pop-up window opens.
- Customers can whitelist either a vulnerability or a vulnerability category.
Whitelist a Vulnerability
- Enter the requested parameters.
- A confirmation pop-up appears.
- Click Confirm to whitelist the vulnerability.
| Parameter | Description |
| --- | --- |
| Whitelist till (Time Period) | Specify how long the vulnerability is to remain whitelisted. Select a date or click Indefinitely. |
| Plugin | Plugin details are displayed here. |
| URL | This field displays the URL being whitelisted. |
| Vulnerability ID | This field displays the vulnerability ID. |
| Reason | Enter the reason for whitelisting the vulnerability. |
Whitelist Vulnerability Category
- Customers can whitelist a vulnerability category indefinitely.
- Customers must enter the reason for whitelisting the vulnerability.
- Plugin information is displayed automatically.
- Click Confirm to whitelist the vulnerability category.
- A confirmation pop-up appears.
Unwhitelist Vulnerabilities
- Go to the Whitelisted section.
- Select the URL and click Unwhitelist.
- A confirmation pop-up appears.
- Enter a reason for unwhitelisting, select the date until which the URL is to be unwhitelisted, and then click Confirm.
If a vulnerability is whitelisted at the category level, it must be unwhitelisted at the category level only.