Absent Member.
12593 views

Vulnerability Categories

Hi All,

Does anyone have the total list (important) of vulnerability Categories with detailed validation steps? If so, kindly share and do the needful.

Most appreciated if anyone responds quickly.

Many Thanks,

Sreekar

0 Likes
6 Replies
Micro Focus Expert

Sreekar;

There is no central listing of all of WebInspect's available attacks as there is for our SAST products (VulnCat = http://www.hpenterprisesecurity.com/vulncat/en/vulncat/index.html).

The WebInspect Data Sheet does list the general attacks available in WebInspect, towards the end.

If you have the product installed, the Policy Manager tool offers three views to display and browse the available attacks: Threat Classification, Severity, Attack Groups. Reviewing these should give you additional data on the Categories available.

Since the Remediations offered are individualized for each vulnerability, there is no single Remediation available for the attack Categories.


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
0 Likes
Absent Member.

Hi HansEnders,

The above is very informative and useful to validate the major vulnerabilities like (XSS, SQL injection, XSS Forgery, etc.).

Thank you so much for the provided information.

Warm Regards,
Sreekar
0 Likes
Absent Member.

Also, if you want to see the complete list of vulnerabilities that are tested, open the Policy Manager, and select the "Search View" button. Once that loads, select the following Criteria: "Vulnerability ID" "is less than", enter 13000 (or larger, they're currently numbered less than 11300), and hit the "search" button.

The returned list is all the Vulnerabilities covered by the tool.

0 Likes
Absent Member.

Hi,

Let me try this! Thank you so much for your additional info.

Regards.

0 Likes
Captain

Dear all

I am still looking for an offline list of all available Vulnerability Categories which can be sorted by technology / programming language, i.e. as Excel, CSV or as XML. I have a potential customer for Fortify SCA, and he would like to get an overview of the issues which can be detected for a specific technology.

If such an offline document is not available, can it be extracted from the SSC server with some query?

Regards,
Mark

0 Likes
Micro Focus Expert

The best resource for the listing of Fortify SCA SAST attack/analysis categories is the Fortify "vulncat" (Vulnerability Categorization). It has always been on-line, and I may have seen one off-line copy long ago, but it has been revamped with the 2017 spin-merge to Micro Focus and it no longer offers a download or output.


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
0 Likes