Verification status
Verification indicates the verification status of a Countermeasure, as indicated by an automated scanning solution or manual verification. The verification section provides assurance that a Countermeasure has actually been completed.
There are four possible states for verification status:
-
No status: No verification status is available.
-
Fail: A vulnerability was identified.
-
The Countermeasure has not been completed correctly.
-
-
Pass: If the scanning solution or manual test did not identify any vulnerabilities and there is a low likelihood of a false negative with supported technologies.
-
Partial pass: If the scanning solution or manual test did not identify any vulnerabilities and there is some likelihood of a false negative.
-
Alternatively, the scanning solution or manual test can only test a portion of the vulnerability.
-
You may wish to supplement these Countermeasures with additional manual testing.
-
For example, using an automated scanning solution, such as Veracode, to check/verify that the application binds variables in SQL statements to prevent against SQL injection.
Each verification tool leaves a note in the system with the following fields:
-
Status: Fail, pass, or partial pass.
-
Date: When the test results were imported.
-
Details: Information about the verification result(s).
-
History: If you have previously imported other scanner results, the previous results will appear in the history.
-
Results are grouped by the specific verification tool you use (such as Fortify, Veracode, or HCL AppScan), and sorted in chronological order from newest to oldest.
-