View vulnerabilities

To view vulnerability information, use any of the following options:

  • To view a grid list of all vulnerabilities found in your organization, select Vulnerabilities in the header. Select a vulnerability name in that list to see its details: HTTP information, steps for fixing the vulnerability, and details about its identity, timing and location, including build numbers, reporting servers, category and the security standards it maps to.

  • To display vulnerabilities for licensed applications only, select Show licensed only at the top of the Vulnerabilities grid.

  • To view vulnerability information for an individual application, use any of the following options:

    • Select Applications in the header. The Applications grid displays the number of open vulnerabilities for each application. To view details for vulnerabilities of a specific severity (for example, critical or high), click the matching section of the thermometer in the Open Vulnerabilities column.

      OpenVulnBar.png

      An open vulnerability has a status of Reported, Suspicious, or Confirmed.

    • Select Applications in the header, then select an application name to see its details page. Select the Vulnerabilities tab. You see a grid list of vulnerabilities for that application.

      Select the trend line symbol above the grid to view a timeline of the vulnerabilities. Use the buttons above the chart to view data by Severity or Discovery. Hover over the trend lines to see a breakdown of the data at that point in time (number of vulnerabilities, time stamp or status).

      Any filters you apply in the grid also update the data in the chart. Use the filter for the Last detected column to update the time span shown in the timeline.

    • Select Servers in the header, then select a server name to see its details page. Select the Vulnerabilities tab. You see a grid list of vulnerabilities for the applications hosted on the selected server.

  • Select the small triangle at the very top of the Vulnerabilities grid to filter all your vulnerabilities by:

    • Open

    • High Confidence

    • Policy Violation

    • Pending Review

    Select the magnifying glass icon to search for specific vulnerabilities.

    VulnerabilityQuickFilter.png

  • Select the Filter icon next to a column header to filter by:

    • Severity: critical, high, medium, low, note

    • Vulnerability: tags, types, servers, environments, URLs or compliance policies

    • Application: application names or tags

    • Last detected: first or last detected, a preset time range, or Custom to enter specific dates and times

    • Status: vulnerability status and whether or not the vulnerability is being tracked

    To remove filters, select Clear next to the column header.

  • To see your application's vulnerability data in more detail (for example, which build or branch a finding was reported from), configure your Contrast agent to report session metadata.
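    As an added example (not part of the original page), the following shows the shape of a session metadata setting as a CI job might supply it, so that findings can later be filtered and compared per build. It assumes the agent reads a contrast_security.yaml file and accepts the application.session_metadata property as a comma-separated list of key=value pairs; the property name and the key names used here are assumptions to check against your agent's configuration reference before relying on them.

```yaml
# Added example of an agent configuration fragment; not from the original page.
# Assumption: the agent accepts application.session_metadata as a
# comma-separated list of key=value pairs. The key names (branchName,
# buildNumber, committer) are assumed and should be verified against the
# agent's configuration reference for your language.
application:
  name: inventory-service
  session_metadata: "branchName=feature/login-hardening,buildNumber=2024.03.15-42,committer=jdoe"
```

    In a pipeline, the values would normally be interpolated from the CI system's own build variables rather than hard-coded as shown; the point is that each agent session is tagged with the build and branch that produced it, so a vulnerability's "first detected" and "last detected" timestamps can be tied back to a specific change.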

Note

Contrast reports findings only for code paths that actually execute while the agent is running. For Contrast to find weaknesses and present findings, you must exercise your application, for example through automated tests or normal use.

Open vulnerabilities for merged applications

For merged applications, the Open Vulnerabilities column in the Applications grid displays the combined number of vulnerabilities for all application modules merged into the primary application. The Applications grid lists the primary application but not the individual modules merged into it.

Example:

Before you merge applications, the Open Vulnerabilities column looks similar to this:

AppsUnmerged.png

After you merge applications, the thermometer in the Open Vulnerabilities column shows vulnerabilities for the primary application and all of its merged application modules. The merged application modules do not appear as separate entries in the Vulnerabilities grid.

AppsMergedVulns.png