Interpreting the testing results

This chapter gives an overview of the tools on the My Wallarm portal for interpreting testing results. By the end of the chapter, you will have obtained additional information about the XSS vulnerability discovered in the previous chapter.

  1. Use the dashboard for a quick look at what is going on. It provides a summary of all test runs and their statuses, along with vulnerability counts for a chosen period of time.

    Dashboard

    You can also use the event search tool. To do that, select the “Events” tab and enter your query into the search box. Help is available through the “How to search” link located near the search box.

    Events

    See the link for more information about using the search tool.

  2. If you select the “Testruns” tab, you will see the list of all test runs along with brief information about each of them, such as:

    • Test run status (in progress, successful or failed)
    • If a baseline request recording is in progress
    • How many baseline requests were recorded
    • What vulnerabilities were found (if any)
    • The domain name of the target application
    • Where the test generation and execution process took place (node or cloud)

    Testruns

  3. You can explore a test run in detail by clicking on it:

    Test run expanded

    You will obtain the following information from an expanded test run:

    • The number of processed baseline requests
    • The test run creation date
    • The test run duration
    • The number of requests that were sent to the target application
    • The status of the baseline requests testing process:

      • Passed

        No vulnerabilities were found for the given baseline request (this depends on the chosen test policy; with a different policy, some vulnerabilities might be found), or the test policy is not applicable to the request.

      • Failed

        Vulnerabilities were found for the given baseline request.

      • In progress

        The baseline request is being tested for vulnerabilities.

      • Error

        The testing process was stopped due to errors.

      • Waiting

        The baseline request is queued for testing. Only a limited number of requests can be tested simultaneously.

      • Interrupted

        Either the testing process was interrupted manually (“Actions” → “Interrupt”) or another test run was executed on the same FAST proxy node.

  4. To explore a baseline request in detail, click on it:

    Test run expanded

    For each individual baseline request the following information is provided:

    • Creation time
    • The number of test requests that were generated and sent to the target application
    • The test policy in use
    • The request processing status

  5. To view the full log of the request processing, select the “Details” link on the far right:

    Request processing log

  6. To obtain an overview of vulnerabilities found, click on the “Issue” link:

    Vulnerabilities brief description

    To explore a vulnerability in detail, click on the vulnerability description:

    Vulnerability details


Now you should be familiar with the tools that help you to interpret the testing results.
