Working with Assessments

Assessments are where you view the results of your security testing and download reports (if available).

Clicking on the Assessments list

Summary

The Assessment view shows you all of the useful details relating to the Assessment. Here you can get an overview of the finding counts, the state the assessment is in, the description of the assessment, access to any associated reports (a report can be linked to more than one assessment), and so on. You can also view the list of associated findings from here, to begin drilling down into the details of the assessment’s results.

Assessment states

Assessments can be in the following states:

  • New: An assessment that has been newly created, but has not been scheduled yet.

  • Scheduled: An assessment that has been scheduled to begin.

  • Active: An assessment that the assessment team is currently working on (e.g. technical pentesting, controls audit). Assessment results may be updated periodically during the Active stage.

  • Completed: An assessment that has been completed by the assessment team, and the results updated in the Portal.

  • Suspended: An assessment that has been suspended by the assessment team. Suspension might be due to the environment not being available, access not provided, and so on.

  • Cancelled: An assessment that has been cancelled by the assessment team. Cancellations may occur due to various reasons, but it’s generally

Findings

Findings come from Canopy and are presented in the Portal. Through this, you can get an up-to-date list of findings both during and at the end of the assessment, eliminating the need for static reports to be shared. Of course, if you need static reports, those can be requested from the assessment team, as they are sometimes necessary or useful for sharing with auditors etc.

Note

At the moment, the functionality is limited to viewing the results, although further improvements around triaging and sharing findings will be introduced over time.

The finding list under the assessment shows all of the findings currently available for the assessment. The status is used to indicate what state a finding is in. Such states can be:

  • Open: a finding that remains exploitable.

  • Partially resolved: a finding that has been partially resolved (e.g. 5 of 10 cross-site scripting instances addressed), but the finding itself has not been fully addressed.

  • Resolved: a finding that has been indicated as resolved (e.g. fixed, risk reduced).

  • Out-of-scope: a finding that was identified, but was not considered to be within the scope of the assessment.

A finding shows information that helps you understand what the problems are and, ideally, how they should be addressed. Recommendations and guidelines vary: in some cases (e.g. legal/compliance) the requirements for resolving an issue are very precise, whereas for other issues (e.g. technical problems) there may be several options whose pros and cons need to be considered.

The finding view may also include references, and other information to help you both understand and track the finding towards resolution.

Additionally, findings may include evidence. Evidence is linked to a given target (this could be a website, a server/IP, a binary application, a building, etc.). Evidence is typically in the form of text snippets, code snippets, screenshots and so on.

Note

Other evidence formats, including files and video, are on Portal’s roadmap.