Reports by type
This article contains detailed descriptions of each InsightAppSec report. The information is grouped based on the type of report and where in the application it's generated.
- Applications reports from the All Apps page
- Application reports from within an individual app
- Scan reports from within an individual scan
InsightAppSec reports are advisory only
If a report shows no vulnerabilities, or low severity or safe vulnerabilities, this should not necessarily be taken as affirmation of compliance.
Applications (All Apps)
You can generate executive-level reports containing data on all of your apps from the All Apps page.
InsightAppSec All Apps Executive Report
This report provides an overview of all apps scanned during a selected month. The report contains the number of apps scanned, unreviewed vulnerabilities, high severity vulnerabilities and remediated vulnerabilities with each of these compared to the previous month. It also shows the top vulnerability types and the vulnerabilities by severity and status.
Combined InsightAppSec and InsightVM Executive Report
This report provides an overview of the assets and apps scanned by InsightAppSec and InsightVM. The report contains sections relating to your overall vulnerability management programs, including details on apps and assets scanned along with the vulnerabilities found and remediation efforts. Where applicable, it also showcases details on location, owner, and criticality tags.
Application (Individual App)
You can generate executive-level reports for each individual app after selecting one from the All Apps page.
App Executive Report
This report provides an overview of an individual app. It contains an overall number of vulnerabilities, vulnerabilities by severity and status, number of scans, average time of a scan, and the success of scans over time.
You can generate scan-level reports with vulnerabilty or compliance-related information from within an individual scan.
Filter data on scan-level reports
All of our scan-level reports are filterable, so you can narrow the data within each to focus on just what you need.
The Vulnerabilities Summary is an overview of the vulnerabilities found in the app during the scan. The report is organized by vulnerability and the number of vulnerabilities found during the scan for the app.
Vulnerabilities with Remediation Report
The Vulnerabilities with Remediation report contains all vulnerabilities found in an app from the chosen scan and the recommended remediation. Before making the report, you can use a filter to focus on certain vulnerabilities. Within the report, you can view the attack type, recommendation, and replay the attack using the Rapid7 Chrome Plugin.
Payment Card Industry Report (PCI Report)
The Payment Card Industry report helps you prepare for an audit, an assessment, or a questionnaire around PCI compliance. Uncovering potential issues that will affect the outcome of any of these exercises allows you to take action and secure critical vulnerabilities on any assets that deal with payment card data.
OWASP 2013 Report
The OWASP 2013 Report shows the top 10 OWASP issues and whether you passed or failed on each for the scan. It also shows vulnerabilities within each of the top 10 issues along with the response and request data for the vulnerability.
OWASP 2017 Report
The OWASP 2017 Report shows the top 10 OWASP issues and whether you passed or failed on each for the scan. It also shows vulnerabilities within each of the top 10 issues along with the response and request data for the vulnerability.
The SOX (Sarbanes-Oxley Compliance) details compliance issues and whether you passed or failed on each, for that particular scan. The report shows each requirement and the details of the vulnerabilities that caused you to fail, if you did.
HIPAA Compliance Results
The HIPAA compliance report shows each requirement, if you passed or failed, and the details of the vulnerabilities that caused you to fail, if you did.
The GDPR report is an advisory report that shows how vulnerabilities in scanned targets might jeopardize your GDPR compliance and highlights which vulnerabilities need to be addressed.