Vulnerability Details

Overview

Managing and Reviewing Vulnerability Details

What is the Vulnerabilities Details Section?

The Vulnerabilities Details section provides essential actions for managing, tracking, and responding to identified security risks in APIs. It allows security teams to analyze findings, manage false positives, log security issues, and export vulnerability details for further investigation or remediation.

Effective vulnerability management ensures that security risks are properly assessed, categorized, and either mitigated, documented, or marked for review.


Key Actions Available in the Vulnerabilities Details Section

  1. Accept Vulnerability Risk

    • When a vulnerability is identified but deemed acceptable based on risk assessment, it can be marked as an accepted risk.
    • This is useful for cases where fixing the vulnerability is not feasible or where the vulnerability poses minimal security impact.
  2. Marking False Positives

    • If a vulnerability is incorrectly flagged, it can be marked as a false positive to prevent unnecessary remediation efforts.
    • Helps improve accuracy by distinguishing real threats from benign findings.
  3. Create Ticket

    • Security teams can create a tracking ticket directly from the vulnerability details page.
    • This ensures vulnerabilities are logged in issue-tracking systems such as Jira, GitHub Issues, or other ticketing platforms.
    • Useful for assigning remediation tasks to developers and tracking resolution progress.
  4. Export as cURL

    • Allows users to generate a cURL command that reproduces the API request associated with the vulnerability.
    • Helps developers and security analysts test and validate the issue efficiently.
  5. Export Logs

    • Enables exporting of detailed vulnerability logs for further analysis, audit purposes, or reporting.
    • Helps security teams document findings and maintain records for compliance.

Why is This Important?

  • Ensures vulnerabilities are properly classified and managed within security workflows.
  • Helps reduce false positives, ensuring only valid security threats are prioritized.
  • Provides a structured approach to tracking, logging, and resolving security issues efficiently.
  • Facilitates collaboration between security and development teams for faster remediation.

By leveraging these tools, organizations can maintain better visibility, tracking, and control over API security risks.