The Vulnerability Page in Edgescan offers a centralized overview of identified security vulnerabilities across your digital assets.
Version Number: v1.0.2
Published Date: 05 Jun 2024
____________________________________________________________________________
This page simplifies the process of tracking and managing vulnerabilities, offering intuitive filters and a detailed list with essential information such as vulnerability ID, name, organization, and location. It displays data like the date opened, CVE identifiers, risk ratings, and compliance status, allowing for quick action and ensuring ongoing protection against cyber threats. This page serves as a central hub for proactive security management.
Vulnerability Actions
Within the Edgescan Vulnerability Page, users have access to a variety of actions aimed at improving the efficiency of vulnerability management. These actions include bulk operations like adjusting risk ratings, accepting risks, and reopening vulnerabilities. To assist users, there is an interactive walkthrough feature for guidance, as well as options to copy API URLs for integration and schedule data exports for reporting purposes. Custom filters can be created and applied, with the added benefit of saving these filters for future use. Furthermore, users have the ability to export data from the current page view, which streamlines the workflow for security analysis and compliance documentation.
Advanced Filtering
The Vulnerability Page on Edgescan now offers advanced filtering options, empowering you to customize your vulnerability management process with precision. These enhanced filters allow you to classify vulnerabilities by type, such as XSS, SQLi, and CSRF, or by any customized parameter that aligns with your security requirements. This makes it quick to identify specific vulnerabilities, which supports efficient risk assessment and remediation planning.
Vulnerability Detail View
When you click on a vulnerability in the main list, you will be directed to the Vulnerability Detail View. This dedicated page provides comprehensive information about a specific vulnerability identified by Edgescan analysts. At the top of this page, you will immediately see the name of the vulnerability, giving you a quick overview of its significance.
Vulnerability Rating
Risk, threat and severity are each rated on a scale from 1-5, and the CVSS score is on a scale from 1-10. PCI Compliance is categorized as Pass or Fail.
General Information
This segment of the Vulnerability Detail View offers a concise overview of the administrative details of a vulnerability. It shows the impacted 'Organization' and 'Asset', the date the issue was opened, and whether any service level agreements have been breached ('Violates SLA'). A link is also provided to more in-depth information on 'CVE, CWE, and CIS' related to the vulnerability.
Description and Remediation
The detailed vulnerability page includes two essential sections for addressing security concerns: 'Description' and 'Remediation'. The Description section breaks down the vulnerability's nature and potential impact, including insights into how it could be exploited. The Remediation section provides targeted advice on resolving the identified vulnerability, often recommending specific technical actions to reduce the risk. Together, these sections offer a comprehensive understanding of the vulnerability and the necessary steps to fortify the system against potential threats.
Details
The "Details" section on the vulnerability page covers the technical aspects of a reported vulnerability. Here, you can find a detailed explanation of how the vulnerability could be exploited, often supported with the actual request and response data that show where the issue was identified. By switching to the "View request/responses" tab, users can analyse the exact HTTP requests and corresponding responses, pinpointing where and how the vulnerability appears in the application's data exchange. This feature lets developers and security professionals grasp the full context of the vulnerability and replicate the issue for testing and validation purposes, which in turn supports precise and effective remediation.
Notes
You can add notes to a vulnerability for extra context or reminders. These notes are helpful for communication but do not send notifications. If you need immediate assistance, please reach out through our standard support channels.