FAQs
Active View is a consolidated view of your web apps and vulnerabilities drawn from previous scans. You can drill into a web app for more detailed information about the vulnerabilities found on it. Similarly, you can review a vulnerability to see which web apps it affects.
These are the top-five worst web apps that are known to have medium, high, and/or critical vulnerabilities.
See more: At-Risk Applications
These are the top-five worst medium, high, and critical vulnerabilities that are known to exist in your environment.
See more: Vulnerabilities You Should Fix
When viewing Vulnerabilities in Active View or the results of a scan, you can select individual vulnerabilities you want to hide.
Select More options > Hide above the table to open the Hide Vulnerability dialog where you can provide a reason for hiding the vulnerability.
Selecting OK hides the vulnerability immediately. You can reveal hidden items using the tools menu on the table header bar.
This is done in the same way as hiding vulnerabilities with one exception: Before selecting OK in the Hide Vulnerability dialog, select True, and then select the False positive checkbox. Enter a note, and select OK.
The WAS Vulnerability Dictionary provides information about known vulnerabilities. The list, which is updated frequently, includes high-level information about specific vulnerabilities and, when appropriate, remediation steps. Low-level vulnerability information can be linked to this page for users requiring even greater detail.
Security GPA is the unique grading system used by WAS.
See more: Security GPA
WAS assigns each of your web apps a rating based on the highest-level vulnerabilities discovered on that web app. Web app ratings are used to calculate your Security GPA.
See more: Security GPA
Class and severity are the two most important aspects of a discovered vulnerability. The "class" is based on the type of threat presented and how it is discovered; "severity" describes the potential for immediate threat.
Possible classes include:
- Explicit: Conclusive evidence of this item was found.
- Potential: Indicators of a possible vulnerability were found.
- Recon: Visible network or asset information that could aid an attacker.
- Compliance: Item related to a security standard, such as the Center for Internet Security (CIS) Benchmarks.
- Malware: Known malware was discovered.
WAS provides a variety of ways to search and filter data.
See more: Find Information in WAS