The Findings feature detects the OWASP 2019 API Security Top 10 issues within any of the APIs discovered on the platform. Being aware of and identifying these vulnerabilities enables you to apply remediation techniques, addressing issues such as broken authentication, mass assignment and security misconfiguration. Read more about the OWASP top ten API security risks here.
Findings are detected when an event occurs, for example when a specification is uploaded to the platform or when a GitHub repository is scanned. In the backend an events processor checks whether the criteria for a finding are met. A single event can result in the discovery of multiple findings.
Navigate to Posture Management in the FireTail platform and select the Findings tab to view the findings.
The top of the findings page displays the total number of findings within each severity category. These categories are:
Click one or more severities to view only the findings with the selected severities.
Click Download to download a CSV file of the findings data. Learn more about how to download.
When viewing the findings you can choose grid view or list view. Toggle between grid and list to change the view.
The findings overview displays for each finding the:
Click individual findings to view further information.
Use the Filter function to view findings on the platform that match the criteria of your filter. Click Filters and apply one or more of the following filters:
Duration - the time elapsed since the finding was created. You can filter to view findings created within the:
Select field - In the select field dropdown you can choose to filter by:
Click confirm to apply the filter parameters. The findings displayed reflect the parameters you have applied.
Each finding is tagged with a severity. You can redefine the default severity of the finding. The severities to choose from are:
The default status of a finding is Open; you can change the status of the finding.
Click on a specific finding to view further information.
The finding details explain why this finding was raised. The details page also shows where in the file the issue occurs.
Assess your business needs before applying any remediation suggestions.
Fix the security issues described in the finding by following the remediation steps, where required.
The details page indicates which of the OWASP API security top 10 issues the finding corresponds to.