Manual ingestion of vulnerabilities for Application Vulnerability Response

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Manual Ingestion of Vulnerabilities for Application Vulnerability Response

    This guide outlines the process for security professionals and application testers to manually ingest vulnerability findings into the Penetration Testing Workspace. It facilitates the documentation of vulnerabilities identified during application penetration tests and supports importing findings from external sources in Excel or CSV format.

    Show full answer Show less

    Key Features

    • Templates for Upload: Users can download templates for vulnerability ingestion, ensuring structured data input.
    • Automatic Form Creation: Each file upload generates a new penetration test form linked to the respective application, consolidating all findings.
    • Mandatory Fields: Essential fields must be filled to successfully process and create vulnerability records, including Application Name, Risk Rating, and more.

    Key Outcomes

    By following this process, users can effectively document and manage vulnerabilities within the Penetration Testing Workspace, ensuring accurate tracking and response to security threats. Proper adherence to the template requirements will prevent data processing issues and enhance the overall security posture of applications.

    Security professionals and application testers can create and manage the application penetration test findings within the Penetration Testing Workspace.

    The Penetration testing forms are available in the Penetration Testing Workspace to document the vulnerabilities identified in the core business applications.

    The security professionals and application testers can manually import findings from external sources and platforms using the provided templates in Excel or CSV format. All the vulnerability findings are made available in the Penetration Testing Workspace.

    To access and download the template for uploading to Penetration testing workspace, navigate to All > Manual AVIT Ingestion > Upload File UI.

    A new penetration test form is created for every file upload for the respective application. All the vulnerability findings within that upload are associated to the same penetration test form. The Application Name must match with the records in of the tables:
    • Application Table
    • Business Application Table
    • Scanned Application Table
    The Application Name is a mandatory field present in the template for identifying the vulnerabilities present within an application, associated to a penetration test form. Any record missing the Application Name will not be processed and skipped during vulnerability creation.
    Note:
    Mandatory fields in the template are necessary for processing the penetration test findings. It is necessary to ensure all the fields in the template are intact to prevent any issues during the processing of penetration test findings.
    Table 1. Mandatory fields required as part of template for penetration test finding creation
    Column Name Mandatory Description Available Options/ Max characters in strings
    Risk rating Mandatory Severity of the application vulnerable item

    Critical

    High

    Medium

    Low

    None (Default)
    Requested by Mandatory Requested by 151
    CWE category Mandatory(Fill only one column) CWE ID 255
    Vulnerability ID Mandatory(Fill only one column) Vulnerability ID 255
    Application Mandatory Application Name 255
    Purpose of application Mandatory Purpose of application 4000
    Types of sensitive data Mandatory List types of sensitive data accessible from applications 40
    List of compliance programs Mandatory List of compliance programs 4000
    Technology stack details Mandatory Technology stack details 4000
    Application team Mandatory Application team Name; group responsible for developing and maintaining software applications 100
    URLs to test Mandatory URLs to test 4000
    Steps to reproduce Mandatory Steps to reproduce 1000
    Technical details Mandatory Technical details 1000
    Assigned to Mandatory Assigned to (individual responsible for conducting penetration tests and generating security findings) 151
    Assignment group Mandatory Assignment group (group responsible for conducting penetration tests and generating security findings) 151