When running scans with the AppCheck Scanner, the results you receive are more than just a list of vulnerabilities. Every scan that is run produces diagnostic information that provides insights into the health, configuration, and behaviour of your systems and applications. Diagnostic findings are referred to as Information Findings or Info level Findings in the Scanner.
Understanding how to interpret information findings is important for ensuring the accuracy of your scans, optimizing your scanning process, and maintaining the overall security and performance of your target(s).
This article provides a general overview of what to look for in your scan diagnostics and how to use this information to improve your scanning strategy.
What Are Information Findings?
Information Findings refer to the information generated by the Scanner about the scan process itself, as well as the state of the target systems. These findings can include:
- Target Reachability: Information about whether the scanner was able to access and interact with the target systems or applications.
- Configuration Issues: Details about misconfigurations in the scan setup or the target environment that may have affected the results.
- Logs and Errors: Records of errors, warnings, or unexpected behaviour encountered during the scan.
- Interaction Details: Insights into how the scanner interacted with the target, such as successful or failed authentication attempts, form submissions, or navigation steps.
Where can I find Information Findings?
Information Findings are found on the scan's results page under the "Info" impact group.
Example Use Cases for Troubleshooting with Information Findings
Web Application Scans:
- Diagnose crawling issues, such as URLs commonly observed during the authentication process that are missing from the scan's scope, which may have caused the scanner to miss certain areas.
- Identify authentication failures that prevented the scanner from accessing protected areas.
- Analyse performance issues caused by high network latency or bandwidth constraints.
Infrastructure Scans:
- Investigate unreachable hosts or services due to closed ports and firewalls, or misconfigured scan ranges and ports.
- Identify authentication failures that prevented the scanner from accessing protected areas, where authentication was provided.
- Analyse performance issues caused by high network latency or bandwidth constraints.
Frontless API Scans:
- Diagnose issues with API endpoint discovery, such as missing or undocumented endpoints that were not scanned.
- Identify authentication or authorization failures, such as incorrect API keys, tokens, or OAuth configurations.
- Analyse errors related to request/response handling, such as malformed requests, unsupported content types, or unexpected HTTP status codes.
- Investigate performance bottlenecks, such as rate limiting or timeouts, that may have impacted the scan's ability to thoroughly test the API.
- Detect gaps in coverage due to dynamic API behaviours, such as endpoints that require specific input data or sequences of requests to access.