About AppSec Report
If you create and benefit from digital assets such as applications and websites, the Application Security (AppSec) report can help you understand the risk impact of your AppSec assets (Code Projects and Websites) on your organization, along with their Security Posture Rating (SPR).
The AppSec report grants you visibility into AppSec-filtered MTTR, Assets SLA Compliance, and Risk Mass. Use this actionable report to understand the impact of application vulnerabilities on your organizational cyber risk, prioritize remediation based on CWEs, and access AppSec-filtered assets and vulnerabilities tables to create remediation campaigns and fix application security weaknesses before they affect your users.
Before you dive in
First, make sure you review Analytics Filters and Data Drilling to learn the expected behavior of the trends and the presented data.
The AppSec KPIs are the first and main widgets you encounter when entering the AppSec report.
AppSec Security Posture Rating (SPR)
What the KPI represents: Percentage of AppSec assets that comply with your security posture policy (with a maximum risk score below the SPR risk threshold). The higher the SPR is, the more compliant your environment is with the organization's security posture. This KPI also indicates the percentage change compared to previous periods, shown in green when positive and in red when negative.
What to strive for: The higher the SPR is, the more compliant your environment is with the organization's security posture.
AppSec MTTR in days
What the KPI represents: "Mean Time To Remediate" is an industry-standard KPI for remediation progress. In this context, it represents the average time in days it takes to remediate vulnerability instances on AppSec assets. The day count starts when a campaign starts and ends when remediation is completed.
What to strive for: The lower the MTTR is, the quicker your organization is remediating AppSec vulnerabilities.
AppSec Assets SLA Compliance
What the KPI represents: Percentage of compliant AppSec assets, i.e., the percentage of AppSec assets that comply with the SLA policy. The higher the SLA Compliance, the more compliant your AppSec-related environment is with the organization's security posture.
What to strive for: The higher the SLA Compliance, the more compliant your AppSec-related environment is with the organization's security posture.
Average Vulnerability Instances age and Risk Mass by Business Group
Scatter plot of the Business Groups that contain AppSec assets, comparing each Business Group's Risk Mass with the average age of its vulnerability instances. This widget helps you understand which AppSec Business Groups have the most impact on the organization's SPR. The AppSec Business Groups with the highest impact on your organizational SPR are located in the top-right quadrant (in red). Strive to have your AppSec Business Groups in the bottom-left quadrant of the scatter plot (in green) by remediating vulnerabilities on AppSec assets. By default, this widget displays Business Groups that contain at least one AppSec asset. To get the most out of this widget, we recommend you create dedicated Business Groups that contain AppSec assets only. See "How to create an AppSec Business Group and why" for more details.
AppSec Vulnerability Instances by Risk Level
Count of vulnerability instances on AppSec assets by Risk Level (None, Low, Medium, High, and Critical).
Dynamic list of Application Security assets (Code Projects and Websites). Use the filters throughout the report to narrow down the list of assets.
AppSec Unique CWEs
Dynamic detailed list of unique CWEs on AppSec assets. The trend in the "Vuln. Instances" column indicates the change in the vulnerability instances count over the selected period of time. Hover over the trend line to see the change range. This dynamic list responds to selecting other data elements in other widgets.
AppSec Unique Vulnerabilities
Dynamic detailed list of unique vulnerabilities on AppSec assets. The trend in the "Assets" column indicates the change in the number of assets over the selected period of time. Hover over the trend line to see the change range. This dynamic list responds to selecting other data elements in other widgets.
Analytics FAQ and Data Validation
Read our Analytics FAQ and Data Validation article here.