Risk Model tile

This default tile displays "at a glance" information about the current Application status:

...

Clicking this tile takes you directly to the Risk investigation view (this view can also be opened with the corresponding button in the sidebar).

Rule specific tiles

Additional tiles are displayed as follows. These tiles are non-clickable and ONLY display Critical Violations (i.e. they are not affected by the Critical Violations filter option in the top menu bar).

Tile descriptions:

  • [tile image] This tile displays the number of Critical Violations in the Application for the rule CWE-89: Avoid SQL injection vulnerabilities - 7742.
  • [tile image] This tile displays the number of Critical Violations in the Application for the rule CWE-79: Avoid cross-site scripting DOM vulnerabilities - 7740.
  • [tile image] This tile displays the number of Critical Violations in the Application for the rule CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute - 8240.
  • [tile image] This tile displays the total number of Critical Violations in the Application for the following rules:
      • Avoid creating cookie without setting httpOnly option - 1020728
      • CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute - 8240.

Note that:

  • If the corresponding Quality Rules are available but have 0 violations, the tile will display "0 critical violations".
  • If the corresponding Quality Rules are not available the tile displays "N/A critical violations".
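The two cookie rules counted by the last tile flag cookies issued without the Secure attribute (CWE-614) and without the HttpOnly attribute. As an added illustration of what those rules look for (this is example code written for this page, not CAST's own rule logic, which inspects application source rather than HTTP traffic), the snippet below parses constructed Set-Cookie header values, reports which of the two attributes each cookie lacks, counts violations per rule the way the tiles do, and shows the hardened form of a weak header:

```python
"""Check Set-Cookie headers for the Secure and HttpOnly attributes.

Added example, not part of the original documentation. The sample headers
below are constructed for the example and are not taken from any real
application.
"""
from dataclasses import dataclass, field

# Constructed sample Set-Cookie header values (one per line).
SAMPLE_HEADERS = [
    "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",  # compliant
    "prefs=dark; Path=/",                                      # lacks both
    "csrf=tok; Path=/; Secure",                                # lacks HttpOnly
    "token=xyz; HttpOnly",                                     # lacks Secure
]


@dataclass
class CookieReport:
    """Result for one cookie: its name and the attributes it is missing."""
    name: str
    missing: list = field(default_factory=list)


def parse_set_cookie(header: str):
    """Split 'name=value; Attr; Attr=val' into (name, value, {attr: val})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Flag attributes (Secure, HttpOnly) carry no value; store True.
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value, attrs


def check_cookie(header: str) -> CookieReport:
    """Report which of the two attributes the cookie lacks."""
    name, _, attrs = parse_set_cookie(header)
    report = CookieReport(name)
    if "secure" not in attrs:      # what the CWE-614 rule is about
        report.missing.append("Secure")
    if "httponly" not in attrs:    # what the httpOnly rule is about
        report.missing.append("HttpOnly")
    return report


def summarize(headers) -> dict:
    """Count violations per rule, and cookies failing either rule."""
    reports = [check_cookie(h) for h in headers]
    return {
        "missing_secure": sum("Secure" in r.missing for r in reports),
        "missing_httponly": sum("HttpOnly" in r.missing for r in reports),
        "either": sum(bool(r.missing) for r in reports),
    }


def harden(header: str) -> str:
    """Return the header with any missing Secure/HttpOnly attribute appended."""
    fixed = header.rstrip("; ")
    for attr in check_cookie(header).missing:
        fixed += f"; {attr}"
    return fixed


if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        r = check_cookie(h)
        print(f"{r.name:8} missing={r.missing or 'none'}  hardened: {harden(h)}")
    print(summarize(SAMPLE_HEADERS))
```

The per-rule counts in `summarize` correspond to the separate CWE-614 tile and the combined cookie tile above; a cookie lacking both attributes is counted once in the combined total but once under each individual rule.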


Application Components tile

...

Select an object in the list of violations to view its source code. To focus the investigation, the source code displayed shows either:

...

  • the object in violation
  • or the violation details when available (e.g. bookmarks, paths).
  • Whenever a piece of code is made available, the View File button (seen in the example below) opens the entire source code file so that the full context can be seen. The file is opened in a separate browser window, together with some context information (application name, snapshot reference, file name).

    The Rule name is also highlighted using colour (yellow for a standard Rule (as shown below), and red for critical):

    ...

    If a "copy/pasted" Rule has been selected (for example Avoid Too Many Copy/Pasted Artifacts), a list of objects that have a high level of similarity with the selected objects will be listed:

    ...