Document Version: 1.0

Date: 2021-04-27


Copyright

© 2021 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.


Purpose

This document provides users with a comprehensive overview of Web Applications. It is assumed that the reader has access to an OUTSCAN/HIAB account with an active SWAT subscription.

Introduction

The Web Application tab displays a card for each SWAT Webapp. Clicking on the web app allows you to see some basic information on findings trends, fixed trends, and OWASP category failures.

Prerequisites

The reader needs basic access to an OUTSCAN/HIAB account with an active SWAT subscription.

Web Applications

In the Web Applications view, all the SWAT assets are listed in the form of cards. Each card is a graphical representation of the CVSSv3 score, the number of findings, and the risk level of the findings.

Info

The border colour of a card indicates the highest risk level of its findings. The colour of the disc and the number indicate the number of findings found and their respective risk levels.

Last finding: Indicates the date the last finding was found.

Green: No connected assets or findings were found.



Click on each card to see a dashboard overview and the crawl chart. By default, all the instances are listed under that webapp.

Overview

The webapp entry at the top is the combined data for all instances. When you click on an instance, it filters the dashboard to only show findings for that instance. The same filtering applies to the crawl chart as well.

The dates of last finding found and last finding fixed are displayed at the bottom of the respective columns.

Crawl Chart

This tab shows a crawl chart of the pages of the application crawled by the SWAT automated scanner. It is further limited by any active deny lists in use and by the access rights of the credentials used to perform the crawl, and it does not account for the manual testing coverage completed on a regular basis by the analysts.

Note

This should be viewed as an indication of coverage only, and not the definitive coverage of your web application.


Info

The chart shows the data from the last scan. It varies from day to day, depending on when you review the information relative to the coverage of the last scan.

Click on each inner disc to see the details. On the right side of this chart, all the URLs are listed.