About the AppSec Report
The Application Security report helps you understand the risk impact of Code Projects and Websites on your organization. Get visibility into AppSec-filtered MTTR, Assets SLA Compliance and Risk Mass. Use this actionable report to understand the impact of application vulnerabilities on your organizational cyber risk, prioritize remediation based on CWEs, and access AppSec-filtered assets and vulnerabilities tables to create remediation campaigns and fix application security weaknesses before they affect your users.
Use the Filters pane on the right to focus your report. Click on a specific data element to filter the entire report or to access more data, and hover over a widget for more actions and information.
Before you dive in
First, make sure you cover Reports (Analytics) Filters and Data Drilling to learn about the expected behavior of the trends and the presented data.
KPIs
The AppSec KPIs are the first and main widgets you encounter when entering the AppSec report.
What does each KPI represent?
KPI | Description | What to strive for? |
AppSec Security Posture Rating (SPR) | Percentage of AppSec assets that comply with your security posture policy (with a maximum risk score below the SPR risk threshold). The higher the SPR is, the more compliant your environment is with the organization's security posture. This KPI also indicates the % of positive (in green) or negative (in red) stats change compared to previous periods. | The higher the SPR is, the more compliant your environment is with the organization's security posture. |
AppSec MTTR in days | "Mean Time To Remediate" is an industry-standard KPI for remediation progress. In this context, it represents the average time in days it takes to remediate findings (instances) on AppSec assets. The days count starts when a campaign starts and ends when remediation is completed. | The lower the MTTR, the quicker your organization will be able to remediate AppSec vulnerabilities. |
AppSec Assets SLA Compliance | The percentage of compliant AppSec assets, i.e., the percentage of AppSec assets that are compliant with the SLA policy. The higher the SLA Compliance, the more compliant your AppSec-related environment is with the organization's security posture. | The higher the SLA Compliance, the more compliant your AppSec-related environment is with the organization's security posture. |
Widgets and trends
Average Findings (Instances) Age and Risk Mass by Business Group
Scatter plot representing Business Groups with AppSec assets, comparing the Business Groups' Risk Mass and average findings (instances) age. This widget helps you understand what AppSec Business Groups have the most impact on the organization's SPR. The AppSec Business Groups with the highest impact on your organizational SPR are located at the top-right quarter (in red). Strive to have your AppSec Business Groups at the bottom-left quarter of the scatter plot (in green) by remediating vulnerabilities on AppSec assets. By default, this widget displays Business Groups that contain at least one AppSec asset. To gain the most out of this widget, we recommend you create dedicated Business Groups that contain AppSec assets only. See "How to create an AppSec Business Group and why" for more details.
AppSec Findings (Instances) by Risk Level
Count of findings (instances) on AppSec assets by Risk Level (None, Low, Medium, High, and Critical).
AppSec Assets
Dynamic list of Application Security assets (Code Projects and Websites). Use the filters throughout the report to narrow down the list of assets.
AppSec Unique CWEs
A dynamic, detailed list of unique CWEs on AppSec assets. The trend in the "Vuln. Instances" column indicates the change in the findings (instances) count over the selected period of time. Hover over the trend line to see the change range. This dynamic list responds to selecting other data elements in other widgets.
AppSec Unique Vulnerabilities
A dynamic, detailed list of unique vulnerabilities on AppSec assets. The trend in the "Assets" column indicates the change in the number of assets over the selected period of time. Hover over the trend line to see the change range. This dynamic list responds to selecting other data elements in other widgets.
Reports (Analytics) FAQ and Data Validation
Read our Reports (Analytics) FAQ and Data Validation article here.