The StackHawk Platform Scan Results view displays the results of all of your organization's scan activity. By default, scans are ordered by most recent completion. Each scan displays the number of paths and findings that were identified during the scan.
HawkScan results are populated in the scan list page. Metadata associated with your scan includes the URI count, which is the number of paths the scanner was able to find and test. If this number is low, it is unlikely the scanner has found much of your application. Findings are grouped by criticality:
- Findings with significant impact and likelihood of exploit, usually with a known corresponding CWE or CVE attached to the vulnerability.
- Findings with significant impact or ease of exploit.
- Informational and low-impact discoveries, as well as security suggestions.
Findings are marked as New when they do not yet have another status assigned. These are items to be fixed or processed with another action to update the status. Triaged findings include Assigned, Risk Accepted and False Positive.
The Scan Details view displays the list of Findings identified by HawkScan. Each Finding displays the Criticality of the Finding and the current status of each path identified in the Finding. The Paths tab will allow you to view a list of all identified paths that were scanned. Typically if this number is low, it is unlikely the scanner has found much of your application.
The Finding Details view is the primary display for a specific finding. In addition to the list of identified paths, you will see a detailed description of the Finding along with a link to any available Cheat Sheets. For the selected path, you will see details of the Request and Response payloads for that finding.
By default Findings are marked as New. On future scan runs, the processed findings will still be tracked, but they will not be pushed as actionable items. On the Scans page, you will see processed findings denoted in gray, while actionable (new and unprocessed) findings will be called out. Finding Actions allow you to update a status on a specific path to one of the following:
- Assigned: findings that have been assigned for review and/or fix in whatever issue tracking tool your team uses. These are items that are in a backlog or are in process for investigation or fix. Deeper integrations with workflow tools such as Jira are coming soon. As you mark a finding as assigned, you can include a link to the associated ticket in the comments.
- False Positive: scan results may include findings that are actually false positives and thus do not require a fix. These can be marked as false positives to quiet future noise.
When you take action on a particular finding, you will be prompted to enter comments. This process creates documentation on why the action was taken and allows you to tie it to workflow tools like Jira.
In addition to the Request and Response payloads, you can use the Validate action to generate a curl command that recreates the request. This curl command will have the correct HTTP verb, headers and data fields to reproduce the potential attack. By sending this request while your application is running under a debugger in your IDE, you can step through the request handling to identify where the bug lives in code.