Findings
In the Findings panel, you can observe the vulnerabilities statistics, charts and vulnerabilities details.
![](/api/docs/file/product-documentation__master/appspider/images/Screen Shot 2018-06-06 at 5.28.01 PM.png)
The left panel has the tree view of the vulnerabilities with count in brackets. You can click the “Expand all” button ( )to expand the entire vulnerability tree:
- Findings
- Attack class
- Attack type
- Finding location
- Attack Variance
Vulnerabilities panel
The Vulnerabilities panel contains the statistics for all vulnerabilities:
- Attack class table:
- Attack class: the name of the attack class
- Findings: the number of vulnerabilities found
- Variances: the number of attack variants
- Findings by Attack Classes chart
- Findings by Severity chart
Attack class panel
The Attack class panel contains the statistics for the selected attack class:
- Attack type table:
- Severity: the severity of the attack type
- Attack type: the name of the attack type
- Findings: the number of vulnerabilities found
- Variances: the number of attack variants
- Findings by Attack Class chart
- Findings by Severity chart
Attack type panel
Attack type panel contains the statistics for the selected attack type:
- Vulnerabilities for the Attack type table - the user may select a vulnerability and observe the following options:
- Severity: the editable combo box with the vulnerability severity.
Once you have expanded the tree or a node, you can click on a vulnerability type to view vulnerabilities of that type. You can:
- Change the severity of the vulnerability
- Ignore the vulnerability using the Ignore checkbox
- Globally ignore using the Globally Ignore check box
- Mark the vulnerability as known using the Known check box
- Add notes using the Notes button
- Add new vulnerability using the Add New button.
- Filter issues by All, Active, Ignore.
The table contains following columns:
- Method: the request method
- URL: the finding URL
- Parameter: the vulnerable parameter
- Variances: the number of attack variants
- Ignore: the user marks this check box to ignore the issue
- Globally Ignore: the user marks this check box to globally ignore the issue
- Known: the user marks this check box to set issue status as Known
- Notes: displays notes about the vulnerability when clicked
Details
The following options are available in the Details tabs:
- Description: the description for the selected attack type.
- Recommendation: the recommendation for the attack type.
- References: the reference to the documentation about the attack type
Finding location
The Finding location tabs contain the information about the location of the finding.
You can:
- Ignore the vulnerability by using the Ignore check box
- Globally ignore it using the Globally Ignore checkbox
- Mark the vulnerability as known using the Known check box
- Add notes using the User notes text area
- Add a new vulnerability using the Add New button.
The Finding location table contains the following information:
- AttackType: the vulnerability attack type
- Attack Class: the vulnerability attack class
- Severity: the vulnerability severity
- Method: the request method
- URL: the finding URL
- Parameter: the vulnerable parameter
- User Notes: displays notes about the vulnerability
Variances
The Variances table contains the following information about the attack variant:
- URL: the finding URL
- Parameter: the attack variant parameter
- Ignore: the user marks the check box to ignore the attack variant
- Notes: shows the note for this attack variant.
The Variance panel contains the information about the attack variant.
The following read only fields are available:
- Attack Type
- Attack description
- Original Value
- Attack Value
- Vulnerability
- The Ignore check box ignores the attack variant if marked.
- The Notes text area allows you to enter notes.
The following tabs are available for Original Traffic:
- Request: the web request
- Response Source: the web response
- Response HTML: the response view