Verification status

The verification status of a Countermeasure is reported by an automated scanning solution or by manual verification. The verification section provides assurance that a Countermeasure has actually been completed.

There are four possible states for verification status:

  • No status: No verification status is available.

  • Fail: A vulnerability was identified.

    • The Countermeasure has not been completed correctly.

  • Pass: The scanning solution or manual test did not identify any vulnerabilities, and there is a low likelihood of a false negative with supported technologies.

  • Partial pass: The scanning solution or manual test did not identify any vulnerabilities, but there is some likelihood of a false negative.

    • Alternatively, the scanning solution or manual test can only test a portion of the vulnerability.

    • You may wish to supplement these Countermeasures with additional manual testing.

For example, an automated scanning solution such as Veracode can be used to verify that the application binds variables in SQL statements to prevent SQL injection.

Each verification tool leaves a note in the system with the following fields:

  • Status: Fail, pass, or partial pass.

  • Date: When the test results were imported.

  • Details: Information about the verification result(s).

  • History: If you have previously imported other scanner results, the previous results will appear in the history.

    • Results are grouped by the specific verification tool you use (such as Fortify, Veracode, or HCL AppScan), and sorted in chronological order from newest to oldest.
