View vulnerabilities

There are multiple ways to view vulnerability information:

  • Select Vulnerabilities in the header to view a grid list of all vulnerabilities found in your organization. Select a vulnerability name from that list for more details, including HTTP information, steps on how to fix the vulnerability, and details about the identity, timing and location of the vulnerability, including build numbers, reporting servers, category and security standards.

  • You can also see vulnerability information for an individual application or server:

    • Select Applications in the header, then select an application name to see its details page. Select the Vulnerabilities tab. You will see a grid list of vulnerabilities for that application.

      Select the trend line symbol above the grid to view a timeline of the vulnerabilities. Use the buttons above the chart to view data by Severity or Discovery. Hover over the trend lines to see a breakdown of the data for that point in time (number of vulnerabilities, time stamp or status).

      Any filters you apply in the grid also update the data in the chart. Use the filter for the Last detected column to update the time span shown in the timeline.

    • Select Servers in the header, then select a server name to see its details page. Select the Vulnerabilities tab.

  • Select the small triangle at the very top of the vulnerabilities grid to filter all your vulnerabilities to only see those that are open, high confidence, policy violation or pending review. You can also click on the magnifying glass icon to search for specific vulnerabilities.

  • Select the Filter icon next to the column headers to filter by:

    • Severity: critical, high, medium, low, note

    • Vulnerability: tags, types, servers, environments, URLs or compliance policies

    • Application: application names or tags

    • Last detected: first or last detected, time range or select custom to enter specific dates and times

    • Status: status and whether or not it is being tracked

    To remove filters, select Clear next to the column header.

  • To see your application's vulnerability data in more detail, you can also configure your Contrast agent to report session metadata.

Note

For Contrast to find weaknesses and present findings, you must exercise your application.