You can easily view scanned results on all domains after you have triggered the scan. Reminder that as this scan is a penetration assessment tool, simulating real-time attack to find weaknesses and vulnerabilities, each scan have to trigger manually.
Step 1: Select the scanned domain
1. Go to left menu and select AVS under Vulnerability Scanner section. You will see a list of scanned domain that have triggered earlier.
Each scanned domain comes with information:
a. Scanned date
b. Status of the scan
c. Scan results based on severities
2. Click on the domain that you want to view the scanned results in details.
3. The AVS scan report will be summarised into 5 categories of CWE and CVE vulnerabilities' severity levels; Critical, High, Medium, Low and Information.
Step 2: View details of vulnerabilities detected
There are 2 ways to view details of vulnerabilities detected.
1. Click on "Vulnerabilities Detected" (default selection).
All scanned results of all possible vulnerabilities detected will be automatically compared with industry Common Weakness Enumeration (CWE) and Common Vulnerability and Exposures (CVE) to determine the vulnerabilities' severity levels.
Each of these possible vulnerability detected will be automatically mapped into OWASP Top 10 List (2021) compliance which is the latest standard awareness document for developers and web application security.
You can easily view your latest web application's compliances based on this each scanned results.
Step 3: Mitigate vulnerabilities
1. Click on "Mitigation & Task Assignment". Here you can sort the list based on severity that you intend to focus on.
2. For each vulnerability found, click "Mitigate" to view the details of vulnerability and how you and your team can mitigate it with AI-remediation suggestions. Also you can assign the mitigation task across team members and follow the mitigation status.
There are 2 main parts of mitigation:
Part 1
- AI False Positive Detector - to check with AI's analysis in real-time to ensure the detected vulnerability won't mistakenly identifies as a threat or risk.
- Task management - to assign the task across team members to fix and track the mitigation progress and status.
Part 2
- Vulnerability's type and information - to list in details information the found vulnerability.
- Generated By AI - to check with AI's analysis and it's recommended remediation in real-time.
Notes:
Each vulnerability detected or found have it own characteristic, type, severity and risk to you and company. That's why each vulnerability have it's own remediation to work on. That sometime to learn on about ArmourZero's AI-powered false positive detector and recommended remediation in the links provided above.