Continuous Scan Details
The Continuous Scan Details page provides a comprehensive view of a specific continuous scan, covering its progress, vulnerabilities, details, and key metrics.
Once you start a continuous scan on your target, understanding the details of the scan becomes crucial. These details give you insight into the vulnerabilities discovered, the testing performed, and actionable findings that help strengthen your organization's security posture. This article breaks down each section of the page so you can use the information on the Continuous Scan Details page to manage your scan assessments effectively.
What actions are available on the Continuous Scan Details?
There are 3 main actions available on the continuous scan details page:
Request Vetting: This action allows you to request a vetting of the identified vulnerabilities by Astra's security experts. Vetting helps to ensure that the vulnerabilities are correctly identified and prioritized. Learn more about the vetting process.
Generate Reports: You can generate detailed reports of your scan results, which can be shared with stakeholders or used for further analysis. How to generate and manage reports.
Get Sitemap: This feature generates a list of every endpoint scanned in your application, giving you a detailed overview of your application's structure.
You will also find 3 key metrics in this section:
Vulnerabilities Unsolved: The number of unsolved vulnerabilities.
High Severity Vulnerabilities: The number of high-severity vulnerabilities for this pentest.
Potential Loss Saved: The estimated financial loss prevented by addressing the vulnerabilities.
Tracking the Progress of the Scan
The progress of your continuous scan is displayed through a progress bar on the right side of the page, visually representing each stage of the scan process. Each stage is marked with a checkmark upon successful completion.
The progress bar provides a visual indication of the continuous scan status, covering stages such as:
Connectivity Check: In this initial stage, the scanner attempts to access your target. If your application or asset is protected by a firewall or Cloudflare, the connectivity check might fail. When this happens, it’s essential to whitelist the scanner's IP addresses to ensure the scan can proceed. If the check fails, reviewing and adjusting your security settings is necessary to continue with the scan.
Login Recording: If your target requires user authentication, Astra allows you to configure the scanner to perform an authenticated scan, similar to how a logged-in user would interact with the application. During this stage, you need to enter the credentials for the different user roles in your application. This setup ensures that the scanner can access areas of your application that require authentication. If you encounter issues with login recording, refer to our help article on setting up login recording for detailed guidance.
How to record a login sequence with Chrome DevTools recorder?
Vulnerability Scanning: This stage involves a comprehensive scan for vulnerabilities within your application. The scanner checks for a wide range of security issues, ensuring that all potential vulnerabilities are identified.
CVEs Scanning: In this phase, the scanner searches for known vulnerabilities, specifically Common Vulnerabilities and Exposures (CVEs). The scanner cross-references your application against Astra’s own database of CVEs to identify any potential security risks.
How to Improve Your Security Posture with Grades?
We offer a comprehensive approach to assessing and mitigating security vulnerabilities in your applications. As part of this process, we assign a risk score to each reported vulnerability to help prioritize remediation efforts.
Additionally, we provide a security grade (A through F) to indicate the security level of your target. Use the grade widget to track vulnerabilities and improve your grade for a continuous scan, which ultimately results in a better security posture. Improving your grade involves addressing high-severity vulnerabilities promptly. More about grades and their calculation here.
Understanding the vulnerability severity heat map
The Vulnerability Severity graph provides a comprehensive overview of the status and severity of vulnerabilities detected during your pentest.
This heatmap-style chart helps you quickly assess the criticality and resolution status of each vulnerability, enabling you to prioritize remediation efforts effectively. On this chart, each column represents a different status category for vulnerabilities, while each row represents a different severity level. Read a detailed explanation of each here.
Each cell in the heatmap represents the count of vulnerabilities for a specific combination of status and severity. You can view this count by hovering over a cell of the heatmap.
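To make the heatmap concrete, here is an added Python example (not Astra's code) that builds the status-by-severity counts and the two count metrics from a constructed list of findings. The status and severity labels, and the rule that "high severity" means Critical or High, are assumptions for illustration.

```python
from typing import Dict, List

# Constructed sample of findings, shaped like rows of the vulnerabilities table.
# Labels are assumptions for illustration, not Astra's exact status/severity names.
SEVERITIES = ["Critical", "High", "Medium", "Low"]   # heatmap rows
STATUSES = ["Open", "In Progress", "Resolved"]       # heatmap columns

FINDINGS = [
    {"title": "SQL injection in search", "severity": "Critical", "status": "Open"},
    {"title": "Outdated jQuery (known CVE)", "severity": "High", "status": "In Progress"},
    {"title": "Missing HSTS header", "severity": "Low", "status": "Resolved"},
    {"title": "Reflected XSS in login", "severity": "High", "status": "Open"},
    {"title": "Verbose server banner", "severity": "Low", "status": "Open"},
    {"title": "Weak session timeout", "severity": "Medium", "status": "Resolved"},
]


def heatmap(findings: List[dict]) -> Dict[str, Dict[str, int]]:
    """Rows = severity, columns = status; each cell is the count you see on hover."""
    grid = {sev: {st: 0 for st in STATUSES} for sev in SEVERITIES}
    for f in findings:
        sev, st = f["severity"], f["status"]
        # Reject labels outside the chart's axes rather than silently dropping them.
        if sev not in grid or st not in grid[sev]:
            raise ValueError(f"unexpected severity/status: {sev}/{st}")
        grid[sev][st] += 1
    return grid


def key_metrics(findings: List[dict]) -> Dict[str, int]:
    """The two count metrics from the page header (assumed: unsolved = not Resolved)."""
    unsolved = sum(1 for f in findings if f["status"] != "Resolved")
    high = sum(1 for f in findings if f["severity"] in ("Critical", "High"))
    return {"vulnerabilities_unsolved": unsolved, "high_severity_vulnerabilities": high}


def render(grid: Dict[str, Dict[str, int]]) -> str:
    """Plain-text rendering of the heatmap for a terminal or report."""
    header = f"{'':<10}" + "".join(f"{st:>13}" for st in STATUSES)
    rows = [f"{sev:<10}" + "".join(f"{grid[sev][st]:>13}" for st in STATUSES) for sev in SEVERITIES]
    return "\n".join([header, *rows])


if __name__ == "__main__":
    print(render(heatmap(FINDINGS)))
    print(key_metrics(FINDINGS))
```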
Where to View the Reported Vulnerabilities during the Continuous Scan?
At the center of the Continuous Scan Details page, you'll find a table listing all the vulnerabilities detected during the scan. This table is equipped with powerful filters, sorting options, and a search bar, making it easy to find specific vulnerabilities. You can click on any listed vulnerability to view detailed information about it. Learn more about viewing and managing vulnerabilities.
Frequently Asked Questions (FAQs)
1: How often should I run continuous scans?
Continuous scans are designed to run automatically at regular intervals, ensuring that your systems are consistently monitored for vulnerabilities. However, the frequency can vary depending on your specific security needs and the criticality of your assets.
2: How do I interpret the grades given to my scan results?
The grades on the Continuous Scan Details page represent an overall assessment of your security posture based on the vulnerabilities identified during the scan. Each grade is calculated by considering the severity, number, and type of vulnerabilities found. A higher grade indicates a better security posture, while a lower grade suggests that there are significant vulnerabilities that need attention. To improve your grades, prioritize resolving high-severity vulnerabilities and regularly monitor your systems.
Updated on: 24/09/2024