Viewing penetration test results
Pentest issues have an analyzer attribute equal to pentest, and an analysis type attribute that reflects the tool or service (for instance, OpenText DAST issues have the WEBINSPECT analysis type). You can view these attributes through the standard grouping and search mechanisms.
After you select a pentest issue, Fortify Audit Workbench displays the penetration test details on the Pentest Details tab. The following table lists the penetration test details.
| Pentest Detail | Description |
|---|---|
| Request | Click the question mark button to view the full request. |
| Path | Web address without the context and parameters. |
| Referer | Referer header in the request. |
| Method | Either GET or POST. |
| Parameters | Parameters included in the HTTP query. |
| Cookies | Cookies included in the HTTP query. |
| Attack Type | Type of pentest attack conducted (web address, parameter, header, or cookie). |
| Attack Payload | Part of the request that causes the vulnerability. |
| Trigger | Part of the response that shows that a vulnerability occurred. To view the full response, click the question mark button next to the trigger. |