Manual ingestion of vulnerabilities for Application Vulnerability Response

  • Release version: Xanadu
  • Updated April 29, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Manual ingestion of vulnerabilities for Application Vulnerability Response

    Security professionals and application testers can effectively manage application penetration test findings through the Penetration Testing Workspace. This process allows for the manual ingestion of vulnerabilities using Excel or CSV templates, ensuring that identified vulnerabilities are documented and organized efficiently.

    Show full answer Show less

    Key Features

    • Manual import of findings from external sources using provided templates.
    • Creation of a new penetration test form for each file upload, consolidating findings under one form.
    • Mandatory fields in the template ensure accurate processing of vulnerability data.
    • Access to templates is available through the navigation path: All > Manual AVIT Ingestion > Upload File UI.

    Key Outcomes

    By adhering to the mandatory fields in the template, such as Application Name, Risk Rating, and Vulnerability ID, users can ensure that vulnerability findings are processed correctly. Missing mandatory information will lead to records being skipped, which emphasizes the importance of completeness in data entry. Proper management of vulnerabilities enhances overall application security and compliance.

    Security professionals and application testers can create and manage the application penetration test findings within the Penetration Testing Workspace.

    The Penetration testing forms are available in the Penetration Testing Workspace to document the vulnerabilities identified in the core business applications.

    The security professionals and application testers can manually import findings from external sources and platforms using the provided templates in Excel or CSV format. All the vulnerability findings are made available in the Penetration Testing Workspace.

    To access and download the template for uploading to Penetration testing workspace, navigate to All > Manual AVIT Ingestion > Upload File UI.

    A new penetration test form is created for every file upload for the respective application. All the vulnerability findings within that upload are associated to the same penetration test form. The Application Name must match with the records in of the tables:
    • Application Table
    • Business Application Table
    • Scanned Application Table
    The Application Name is a mandatory field present in the template for identifying the vulnerabilities present within an application, associated to a penetration test form. Any record missing the Application Name will not be processed and skipped during vulnerability creation.
    Note:
    Mandatory fields in the template are necessary for processing the penetration test findings. It is necessary to ensure all the fields in the template are intact to prevent any issues during the processing of penetration test findings.
    Table 1. Mandatory fields required as part of template for penetration test finding creation
    Column Name Mandatory Description Available Options/ Max characters in strings
    Risk rating Mandatory Severity of the application vulnerable item

    Critical

    High

    Medium

    Low

    None (Default)
    Requested by Mandatory Requested by 151
    CWE category Mandatory(Fill only one column) CWE ID 255
    Vulnerability ID Mandatory(Fill only one column) Vulnerability ID 255
    Application Mandatory Application Name 255
    Purpose of application Mandatory Purpose of application 4000
    Types of sensitive data Mandatory List types of sensitive data accessible from applications 40
    List of compliance programs Mandatory List of compliance programs 4000
    Technology stack details Mandatory Technology stack details 4000
    Application team Mandatory Application team Name; group responsible for developing and maintaining software applications 100
    URLs to test Mandatory URLs to test 4000
    Steps to reproduce Mandatory Steps to reproduce 1000
    Technical details Mandatory Technical details 1000
    Assigned to Mandatory Assigned to (individual responsible for conducting penetration tests and generating security findings) 151
    Assignment group Mandatory Assignment group (group responsible for conducting penetration tests and generating security findings) 151