If the 'Vulnerability Type' is chosen as 'Web Level', you will be provided with the following fields:
- Title - This field is 'Mandatory'. You can enter the title of the vulnerability that you are currently logging.
- Description - This field is 'Mandatory'. You can use this field to describe the vulnerability which you are currently logging.
- Affected Endpoint - This field is 'Mandatory'. This field expects you to enter the URL where the vulnerability exists. It is possible to add more than one affected endpoint.
- HTTP Request - This field is 'Not Mandatory'. You can enter the vulnerable HTTP Request for the mentioned 'Affected Endpoint' in this field.
- HTTP Response - This field is 'Not Mandatory'. You can enter the HTTP response for the mentioned 'HTTP Request'.
- Steps to reproduce - This field is 'Mandatory'. You can provide detailed steps on how to reproduce the vulnerability that you are currently logging.
- Mitigation - This field is 'Mandatory'. You can provide information/suggestions on how to fix the vulnerability that you are currently logging.
- CVE - This field is 'Not Mandatory'. You can provide any relevant CVE Ids for the vulnerability that you are currently logging.
- Tags - This field is 'Not Mandatory'. You can add tags for the vulnerability that you are currently logging.
- Add File - This field is 'Not Mandatory'. Using this feature you can attach files such as screenshots, videos, etc. for the vulnerability that you are currently logging. This can aid the developer in better understanding the issue that has been reported.
- Custom Fields - This can either be a 'Mandatory' or a 'Non Mandatory' field depending on if it has been created as a mandatory field or not. More about custom fields here.
Logging a Web Level Vulnerability:
- From the 'Vulnerabilities' page click on 'New Vulnerability'.
- Select an 'Asset' from the list of your assets. Onboarding an asset is a prerequisite to adding any vulnerabilities. More on how to onboard assets here.
- Now select a 'CWE ID' from the list of CWE IDs. This is not mandatory. More about CWEs here.
- Select a severity for the vulnerability that you are currently logging. You can either choose a standard severity or give your input to the CVSS calculator and it will calculate the severity for you. More about how the CVSS calculator works here.
- Now enter all the relevant information in the fields that you are presented with. In this case we have added a tag to the vulnerability. We have named it as 'Authorization' so that going forward any similar issues that are reported can use the same tag and vulnerabilities can then be filtered later based on this tag. More on how to use filters here.
- Click on 'Finish'. The vulnerability has been logged successfully.