Filtering a list of security issues in an application
When an application has many scans that discover many vulnerabilities, use filters on the preset issue attributes, such as Issue Severity, Issue Type, or Issue Status to help you reduce the list to a more manageable size.
About this task
- ID
- Location
- Last Updated
- Date Created
- Fixed Date
- Description
- IssueXML
- Comments
Procedure
- Open the first application that you plan to triage. By default, the list of issues is grouped by Severity. You can also group the issues by Issue Type, Status, or Scanner instead. The classification filters for the list automatically display in the sidebar.
- Use the Add filters field to further refine the filter list. For example, to find URLs that are vulnerable to security issues, filter by Domain and then by Path. The list shrinks to show you all the vulnerabilities that are discovered on that page. If the list is still large, filter by Issue Type or Issue Severity.
  Note: If you filter by a status that is customized to be hidden from view (noise, passed, or fixed), issues with that status are still displayed in the issue list.
- To find a specific issue, enter its Issue ID number in the Add filters field. This is useful for finding issues that you might have noted in an email, a PDF, a defect tracking system, or an old report.
- To focus on dynamic analysis (DAST) or static analysis (SAST) issues, filter by Discovery Method. Then, you can filter by Issue Type and then by Path.
- Click the Issue ID of each issue to open a unique About this Issue report. The report provides details about the issue and offers How to Fix guidance that QA and web developers can use during their remediation process.
- Filter by Scan Name to isolate the area of the application that is producing the vulnerabilities. This method can help you see whether you have complete coverage for the application. It is useful when you have many issues for an application, or many scans for an application. Then, filter by Issue Type.
- To make SAST issue column headers visible, select them from the Column Selection grid layout menu. By default, these column headers are hidden because the SAST issues must be imported from AppScan® Source.