View vulnerabilities at an organization level

Before you begin
  • Exercise (browse or use) your application so Contrast can find weaknesses and present results in the Contrast application.

  • To see your application's vulnerability data in more detail, configure your Contrast agent to report session metadata.

Steps
  1. In the header, select Vulnerabilities.

  2. To display vulnerabilities for licensed applications only, select Show licensed only at the top of the vulnerabilities list.

  3. To filter by columns, select the Filter icon next to the column headers. These filter options are available if applicable to the selected application:

    • Severity: Available filters are Critical, High, Medium, Low, and Note.

    • Vulnerability: Available filters are:

      • Vulnerability tags: Custom tags you assigned to vulnerabilities

      • Type: Types of vulnerabilities

      • Servers: Vulnerabilities for applications that the selected servers are hosting.

      • Environments: Development, QA, and production

      • Sinks: Vulnerabilities that originate from a common sink

        A sink is common custom code shared between multiple data-flow vulnerabilities.

        Filtering by sink can help you identify a line of code that is causing multiple vulnerabilities.

      • URLs: Vulnerabilities associated with a specific URL.

      • Compliance policy: Vulnerabilities associated with a compliance policy

    • Application: Available filters are application names and custom tags you assigned to applications

    • Last detected: Available filters are First or Last detected and Time range. Select Custom to enter specific dates and times.

    • Status: Available filters are Status and whether Contrast is tracking the vulnerability

    To remove filters, select Clear next to the column header.

  4. To view vulnerability details, select a name. You can view details for these categories:

    • HTTP information

    • Steps on how to fix this vulnerability

    • Details about the identity, timing, and location of the vulnerability, including build numbers, reporting servers, category, and security standards

See also

View application vulnerabilities