The Findings feature enables the detection of OWASP's 2019 top 10 API security issues within any of the discovered APIs on the platform. Being aware of and identifying these vulnerabilities enables you to apply remediation techniques, addressing issues such as broken authentication, mass assignment and security misconfiguration. Read more about the OWASP top ten API security risks here.
Findings can be detected when an event occurs, for example when a collection is uploaded to the platform or when a GitHub repository is scanned. In the backend, an events processor checks whether the criteria are met to create a finding. A single event can result in the discovery of multiple findings.
Navigate to Posture management in the FireTail platform and select the Findings tab to view the findings.
The top of the findings page displays the number of findings within each severity category. These categories are:
When viewing the findings you can choose grid view or list view. Toggle between grid and list to change the view.
Each finding is displayed in a card that gives you an overview of the finding. Each card displays:
Click the card to view further information about the finding.
The list view displays the findings in a table format. The table displays:
Click the title to view further information about the finding.
You can apply various filters to the findings on the platform. The filter enables you to filter by:
Findings can be filtered by time. Select from:
Select Custom and enter a Start date and an End date to filter by a specific timeframe. Click confirm. The findings displayed reflect the selected timeframe.
Each finding is tagged with a severity. You can redefine the preselected severity. The severities to choose from are:
The default status of the finding is Open. You can change the status of the finding.
Click on the finding to view further information. Select to view the Report or Remediation tabs.
The report gives you additional information about the finding and details where the issue has occurred within the file.
The compliance displays which of the OWASP API security top 10 issues the finding corresponds to.
Assess your business needs before applying any remediation suggestions.
Fix the security issues described in the finding by following the remediation steps, if required.