Overview of Reports
After a scan is complete, you can generate a report on Invicti to provide you with information on the scan results in summary or detailed form, as well as vulnerability details. There are many types of reports, such as built-in reports, report templates, lists, and custom reports. Invicti also enables you to generate statistical reports, troubleshoot inconsistent scan results, and create a custom report policy.
Why Do We Need Reports?
Web security scanning is of no value unless scan reports are generated. Invicti sends the right reports to the right audience. Reports provide evidence that a web application security scan has taken place and is completed. Reports are able to give different types and levels of users all the information they need about the related scan:
- Support departments need reports to enable them to focus on discovered vulnerabilities and anticipate client needs
- Directors need reports to enable them to provide evidence of compliance for councils and other legislative bodies
- Managers need management reports to enable them to understand the potential business implications so that they can prioritize the fixing of issues
- Developers need technical reports to enable them to start fixing each issue and vulnerability
Reports Help You Meet Compliance Regulations
Whether your organization needs to meet ISO 27001, PCI DSS, HIPAA, or the standards of other compliance and regulatory bodies, reports help you to identify the areas in which your web application falls short.
But it is also important for organizations to develop their own data security standards and information security policies. For some regulations – such as PCI DSS – it is essential to do quarterly scans. By creating reports, you can observe and record the changes in security improvements that your organization makes in each quarter. That way, you can continue working toward meeting the requirements.
For further information, see HIPAA Compliance Report, ISO 27001 Compliance Report, OWASP Top Ten 2013 Report, OWASP Top Ten 2017 Report, PCI DSS Compliance Report, SANS Top 25 Report, and WASC Threat Classification Report.
Reports Help You Fix Issues
Once the scan has finished, Invicti will send you an email with a summary of the results. This provides you with a basic overview of the issues and vulnerabilities that Invicti has discovered. If you want detailed information for each issue, you need to generate the relevant report.
Reports are important for learning about the actions that need to be taken for each issue. In this way, you can begin to solve each issue in order to make your web applications more secure. Reports can also help you keep track of your developers’ productivity and capabilities, ensuring that no vulnerability reaches your Live environments.
Invicti has a huge vulnerability database that gives information on the Impact, Actions to Take, Remedy, References, Classification, CVSS Score, and Proof of Concept or Proof of Exploit for each issue.
For further information, see Detailed Scan Report, Knowledge Base Report, and Troubleshooting Inconsistent Web Security Scan Results.