When running scans with the AppCheck Scanner, the results you receive are more than just a list of vulnerabilities. Every scan that is run produces diagnostic information that provides insights into the health, configuration, and behaviour of your systems and applications. Diagnostic findings are referred to as Information Findings or Info level Findings in the Scanner.
Understanding how to interpret information findings is important for ensuring the accuracy of your scans, optimizing your scanning process, and maintaining the overall security and performance of your target(s).
This article provides a general overview of what to look for in your scan diagnostics and how to use this information to improve your scanning strategy.
Subsections
What Are Information Findings?
Information Findings refer to the information generated by the Scanner about the scan process itself, as well as the state of the target systems. These findings can include:
- Target Reachability: Information about whether the scanner was able to access and interact with the target systems or applications.
- Configuration Issues: Details about misconfigurations in the scan setup or the target environment that may have affected the results.
- Logs and Errors: Records of errors, warnings, or unexpected behaviour encountered during the scan.
- Interaction Details: Insights into how the scanner interacted with the target, such as successful or failed authentication attempts, form submissions, or navigation steps.
Where can I find Information Findings?
Information Findings are found on the scan's results page under the "Info" impact group:
Example Use Cases for Troubleshooting with Information Findings.
Web Application Scans:
- Diagnose issues with crawling, diagnose commonly observed URLs during the crawl phase that are missing in the scan's scope, that the scanner avoided actively scanning.
-
Identify authentication failures that prevented the scanner from accessing protected areas.
- Analyse performance issues caused by high network latency or bandwidth constraints.
-
Comments
0 comments
Article is closed for comments.