InsightAppSec allows you to generate vulnerability reports so you can provide status updates to stakeholders within your organization. The Generate Report feature respects any filters applied to your vulnerabilities table, and you can choose the format and level of detail of the report based on your audience.
Generate a report
- Select an App and a Scan for which you wish to generate a report.
- On the Scan overview page, click the Generate Report link in the upper right side of the screen.
If you wish to report on only a subset of vulnerabilities, you can apply filters on the vulnerabilities table and select the checkboxes for the relevant vulnerabilities.
The "Generate Report" panel appears.
- Provide a name for this report.
- If you wish to include ignored vulnerabilities in this report, enable the Include Ignored Vulnerabilities switch.
- Select the report type followed by the report format from the "Report Types" list.
- Click the Generate Report button.
- If you selected an HTML report, it will auto-generate and open in a new tab.
- If you selected a PDF report, the "Generate Report" panel will close and you will see a message on-screen while the PDF report generates. When the report is ready, it will download in your browser.
These are the report types available in InsightAppSec.
Generated reports are advisory only
InsightAppSec reports are advisory only. If a report is generated showing no vulnerabilities, or low severity or safe vulnerabilities, this should not be taken as affirmation of compliance.
Executive Summary
The Executive Summary is an overview of your app. The report contains data on risk, number of vulnerabilities, vulnerabilities by severity and status, number of scans, the average duration of a scan, and the success of scans over time. This report can only be generated from the App screen.
Vulnerabilities Summary
The Vulnerabilities Summary is an overview of the vulnerabilities found in the app during the scan. The report is organized by vulnerability, showing how many instances of each were found during the scan of the app.
Vulnerabilities with Remediation Report
The Vulnerabilities with Remediation report contains all vulnerabilities found in an app from the chosen scan, along with the recommended remediation for each. Before generating the report, you can apply a filter to focus on certain vulnerabilities. Within the report, you can view the attack type and the recommendation, and replay the attack using the Rapid7 Chrome Plugin.
Payment Card Industry Report (PCI Report)
The Payment Card Industry report helps you prepare for an audit, an assessment, or a questionnaire around PCI compliance. Uncovering potential issues that will affect the outcome of any of these exercises allows you to take action and secure critical vulnerabilities on any assets that deal with payment card data.
OWASP 2013 Report
The OWASP 2013 Report shows the top 10 OWASP issues and whether you passed or failed on each for the scan. It also shows vulnerabilities within each of the top 10 issues along with the response and request data for the vulnerability.
OWASP 2017 Report
The OWASP 2017 Report shows the top 10 OWASP issues and whether you passed or failed on each for the scan. It also shows vulnerabilities within each of the top 10 issues along with the response and request data for the vulnerability.
SOX Compliance Report
The SOX (Sarbanes-Oxley) Compliance report details compliance issues and whether you passed or failed on each for that particular scan. The report shows each requirement and the details of the vulnerabilities that caused you to fail, if you did.
HIPAA Compliance Results
The HIPAA compliance report shows each requirement, whether you passed or failed it, and the details of the vulnerabilities that caused you to fail, if you did.
GDPR Report
The GDPR report is advisory: it shows how vulnerabilities in scanned targets might jeopardize your GDPR compliance and highlights which vulnerabilities need to be addressed.