Submitting a Vulnerability for a Web/Mobile Asset
Strobes allows you to manually submit vulnerabilities for your Web and Mobile assets. When selecting one of these asset types, you’ll need to specify the vulnerability subtype, which determines the kind of information you’ll be required to provide.
Supported Vulnerability Subtypes
You can choose from the following three subtypes:
1. Web-Level Vulnerability
Use this subtype when the vulnerability was found through:
- A DAST (Dynamic Application Security Testing) scan
- A manual Web Application Pentest
This type captures runtime vulnerabilities that occur during application execution (e.g., XSS, SQL Injection).
View detailed steps for submitting a Web-Level Vulnerability
2. Code-Level Vulnerability
Choose this subtype when the issue was identified during:
- A SAST (Static Application Security Testing) scan
- A manual Secure Code Review
This is suitable for vulnerabilities in your application’s source code (e.g., hardcoded secrets, insecure deserialization).
View detailed steps for submitting a Code-Level Vulnerability
3. Package-Level Vulnerability
Select this if the vulnerability is related to a third-party package or dependency. These issues may be discovered during either SAST or DAST scans.
This subtype is useful for tracking open-source risks such as:
- Vulnerable library versions
- Package misconfigurations
The following links contain detailed information about submitting each subtype of vulnerability.