Document Version: 3.4
© 2021 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.
Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.
This document provides users with a comprehensive overview of Assets. It is assumed that the reader has basic access to an OUTSCAN/HIAB account with an Appsec subscription.
Assets are unique hosts found during the discovery stage or added automatically while creating a configuration. An asset can also be linked to a group of configurations, so one asset can have hundreds of configurations that are scheduled and scanned independently.
Assets are uniquely defined by their IP or hostname. An asset's risk profile, in the form of top recommended solutions and risk charting, provides a quick way of assessing the criticality of the asset, its association with other assets, and the scans already performed.
The Assets view lists all tracked IPs and hostnames.
To customize the view:
- Click the Filter icon to see the available columns and filtering options. See Common Settings for more information.
- Add desired columns by clicking the Show/Hide Column icon.
Select an asset to view its details on the right side of the window.
Assets - Details
Displays information about when the asset was first seen and last seen, and the risk overviews associated with that specific asset.
Displays a list of scans, along with the status and results of each scan of that asset.
Displays the IPs, hostnames and services associated with the selected asset.
The Services tab displays the details below only if a service is linked to the asset.
The details include:
- Site map
- Detected components
- SSL certificate details
ATTACK SURFACE (SCOUT Only)
See Scout for detailed information.
SWAT Assets (SWAT Only)
The SWAT Assets view lists all of the SWAT web applications and instances.
Select an application to view its details on the right side of the window.
SWAT Assets - Details
The Findings tab presents a pie graph summarizing all of the findings and their severity, based on the CVSS v2 scoring system. A list of the findings used to build the chart appears underneath. Clicking on any of the findings takes you directly to the findings section and automatically opens the details of that finding. The table inside the Findings tab is also automatically filtered by the instance that you are viewing. To return to the SWAT Assets view, either click the SWAT Assets button in the upper menu, or use the back button or perform a back action in your browser.
OWASP TOP 10
The OWASP Top 10 tab presents an overview of the OWASP Top 10 2017 application security risk areas in which vulnerabilities were detected:
If an executive summary is available for the selected application, it is displayed here.
See Add a Configuration for information on how to add an asset.
Configure Authentication for an Asset
See AUTHENTICATION for information on configuring authentication for an asset.
Select an asset to view the additional user actions.
Click Configure Asset to make a default configuration for the selected asset.
Click Submit for Scoping to submit the selected assets for scoping.
Fill in the required details and click SUBMIT.
| Option | Description |
| --- | --- |
| Solution | Apply a solution to the targets that you submit for scoping. |
| Target Start Date | The date for the testing to start. If the desired date is unavailable, a new date is suggested. |
| | The URL of the specific application that should be covered by this test. |
| Administration interface URLs | Any administration interface present on the application. |
| Out of scope URLs | URLs that are not considered to be in scope of the testing. Example: a feature hosted by a third party. |
| Known sensitive functionality | Any known sensitive functionality that may be affected by security testing. |
| | Test credentials to be used during testing. Either basic authentication or web-based. |
| Components and Technologies | Standard components and technologies used by the web application, such as Drupal, ASP.NET, MongoDB. |
| | The part of the web application that is most important to test, e.g. order section, administer users, searching etc. |
See Tags for how to add tags to or remove tags from an asset.
Click Generate report to download a report. See Reports for more information.
- Select the assets to be deleted and click the Delete button at the bottom of the view.
- Confirm the action by clicking DELETE.
Deleting assets removes the data associated with the asset findings. However, it does NOT remove the associated configurations, schedules, scans or other assets linked to the deleted asset.