Manual ingestion of vulnerabilities for Application Vulnerability Response
Security professionals and application testers can create and manage the application penetration test findings within the Penetration Testing Workspace.
The Penetration testing forms are available in the Penetration Testing Workspace to document the vulnerabilities identified in the core business applications.
The security professionals and application testers can manually import findings from external sources and platforms using the provided templates in Excel or CSV format. All the vulnerability findings are made available in the Penetration Testing Workspace.
To access and download the template for uploading to Penetration testing workspace, navigate to .
A new penetration test form is created for every file upload for the respective application. All the vulnerability findings within that upload are associated to the same penetration test form. The Application Name must match with the
records in of the tables:
- Application Table
- Business Application Table
- Scanned Application Table
The Application Name is a mandatory field present in the template for identifying the vulnerabilities present within an application, associated to a penetration test form. Any record missing the Application Name will not be processed
and skipped during vulnerability creation.
Note:
Mandatory fields in the template are necessary for processing the penetration test findings. It is necessary to ensure all the fields in the template are intact to prevent any issues during
the processing of penetration test findings.
| Column Name | Mandatory | Description | Available Options/ Max characters in strings |
|---|---|---|---|
| Risk rating | Mandatory | Severity of the application vulnerable item |
Critical High Medium Low None (Default) |
| Requested by | Mandatory | Requested by | 151 |
| CWE category | Mandatory(Fill only one column) | CWE ID | 255 |
| Vulnerability ID | Mandatory(Fill only one column) | Vulnerability ID | 255 |
| Application | Mandatory | Application Name | 255 |
| Purpose of application | Mandatory | Purpose of application | 4000 |
| Types of sensitive data | Mandatory | List types of sensitive data accessible from applications | 40 |
| List of compliance programs | Mandatory | List of compliance programs | 4000 |
| Technology stack details | Mandatory | Technology stack details | 4000 |
| Application team | Mandatory | Application team Name; group responsible for developing and maintaining software applications | 100 |
| URLs to test | Mandatory | URLs to test | 4000 |
| Steps to reproduce | Mandatory | Steps to reproduce | 1000 |
| Technical details | Mandatory | Technical details | 1000 |
| Assigned to | Mandatory | Assigned to (individual responsible for conducting penetration tests and generating security findings) | 151 |
| Assignment group | Mandatory | Assignment group (group responsible for conducting penetration tests and generating security findings) | 151 |