Standard reports
The following table describes the standard reports that are available.
| Report | Description |
|---|---|
| Aggregate | This report is designed for multiple scans. You can select which severity categories to report, report sections (server content and vulnerability detail), and session information (responses and requests). Stack traces can also be reported, when available. |
| Alert View | This report lists all vulnerabilities sorted by severity, with a hyperlink to each HTTP request that elicited the vulnerability. It also includes an appendix that describes each vulnerability in detail. |
| Attack Status | For each attack agent (check) employed during the scan, this report lists the vulnerability ID number, check name, vulnerability severity, whether the check was enabled for the scan, whether the check passed or failed (i.e., did not or did detect the vulnerability), and (if it failed) the number of URLs where the vulnerability was detected. You can select to report vulnerabilities of a certain severity as well as the pass/fail status. |
| Compliance | This report provides a qualitative analysis by grading how well your application complies with certain government-mandated regulations or corporate-defined guidelines. |
| Crawled URLs | For each URL encountered during the crawl, this report lists any cookies sent and the raw HTTP request and response. |
| Developer Reference | Totals and detailed description of each form, JavaScript, email, comment, hidden control, and cookie discovered on the website. You can select one or more of these reference types. |
| Duplicates | This report contains information about vulnerabilities detected by OpenText DAST Agent that were traceable to the same source. It begins with a bar chart comparing the total number of uncorrelated vulnerabilities to the number of unique vulnerabilities. |
| Executive Summary | This report lists basic statistics, plus charts and graphs that reflect your application's level of vulnerability. |
| False Positives | This report displays information about URLs that OpenText DAST originally classified as vulnerabilities, but were subsequently determined by a user to be false positives. |
| QA Summary | This report lists the URLs of all pages containing broken links, server errors, external links, and timeouts. You can select one or more of these categories. |
| Scan Difference | This report compares two scans and reports the differences, such as vulnerabilities, pages, and file-not-found responses that occur in one website but not the other. |
| Scan Log | Sequential list of the activities conducted by OpenText DAST during the scan (as the information appears on the Scan Log tab of the summary pane). |
| Trend | This report enables you to monitor your development team's progress toward resolving vulnerabilities. For example, you save the results of your initial scan and your team begins fixing the problems. Then once a week, you rescan the site and archive the results. To quantify your progress, you run a trend report that analyzes the results of all scans conducted to date. The report includes a graph showing the number of vulnerabilities, by severity, plotted on a timeline defined by the date on which each scan was conducted. Important: To obtain reliable results, make sure you conduct each scan using the same policy. |
| Vulnerability (Legacy) | This is a detailed report of each vulnerability, with recommendations concerning remediation. |
| Vulnerability | This report also presents detailed information about discovered vulnerabilities, sorted by severity. |