Finding Concept

The last core concept is the finding, this is a security issue that we have found during our scans. If the same issue is found in a new scan it will not open a new finding but update the already existing finding.

A finding will have a lot of information about the issue. Namely, where it was found, URL, insertion point (e.g. cookie), parameter, and method. Evidence we gathered, and the full request and response that we used. Suggestions of how to go about fixing it. A full description of the vulnerability is also present in the definition property. We also assign a severity and calculate the CVSS score for each.

Besides all this, there are also actions that you can perform on a finding. You can assign it to one user, leave comments for your team or add labels, and reduce or increase the severity.

If you don't plan on fixing the finding and accept the risk, or you think we reported a false positive, you can mark the finding to reflect that.