Currently, all of our identified vulnerabilities are documented as findings. A finding represents a specific security issue discovered during testing and contains all necessary technical information to understand, reproduce, and address the problem.
Finding Status
A finding is in exactly one of the following statuses at any time:
- Open: The vulnerability has been reported but has not yet been reviewed.
- Triaged: The issue has been confirmed by the Ethiack triage team.
- Informative: The issue does not represent a direct security threat but is noted for awareness or best practices.
- Duplicated: The same issue has already been reported in another finding.
- Accepted: The issue is valid but will not be fixed, typically due to acceptable risk or business reasons.
- Fixed: The issue has been addressed and is no longer reproducible.
Finding Structure
Each finding has the following sections:
1. Description
A summary of the vulnerability, including what the issue is, where it occurs, and the nature of the risk.
Example:
A Cross-Site Scripting (XSS) vulnerability was found in the search field of the /products page. An attacker could inject malicious JavaScript code that is executed in the browser of other users.
2. Steps to Reproduce
Step-by-step instructions to trigger the vulnerability. These steps help developers or engineers confirm the issue.
Example:
- Go to https://example.com/products.
- In the search box, enter: <script>alert('XSS')</script>.
- Press Enter.
- Observe that a JavaScript alert is triggered, indicating that the payload was executed.
3. Evidence
Proof that the issue exists. This can include screenshots, request/response captures, or logs.
Example:
Screenshot showing the JavaScript alert being triggered in the browser after injecting the payload.
4. Impact
Explanation of what could happen if the vulnerability is exploited. This should describe the potential damage or security breach.
Example:
Successful exploitation of this issue allows attackers to execute arbitrary JavaScript in users' browsers, which could lead to session hijacking, phishing, or data theft.
5. Mitigation Recommendations
Advice on how to fix or reduce the risk of the vulnerability. This includes secure coding practices, configuration changes, or defense-in-depth suggestions.
Example:
- Properly sanitize and encode user input before rendering it in the HTML output.
- Use frameworks or libraries that automatically escape user input.
- Implement a strict Content Security Policy (CSP) to mitigate XSS.
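As an added illustration of the "Mitigation Recommendations" and "Fixed" sections above (example code, not part of Ethiack's documentation or portal), the sample XSS finding is shown as a vulnerable HTML render beside its hardened form, with a retest check a reviewer could use before marking the finding Fixed. The page template, the nonce-based CSP value and the `contains_script_tag` helper are assumptions for illustration.

```python
"""Added example (not Ethiack's code): the reflected XSS from the sample
finding, rendered unsafely and then with output encoding plus a strict CSP.
The template and CSP policy are illustrative assumptions."""
import html

# Constructed input: the same payload used in the sample "Steps to Reproduce".
SAMPLE_PAYLOAD = "<script>alert('XSS')</script>"


def render_search_vulnerable(query: str) -> str:
    """'Before' state: the search term is concatenated straight into HTML,
    so markup in the query is parsed and executed by the browser."""
    return f"<p>Results for: {query}</p>"


def render_search_fixed(query: str) -> str:
    """'After' state: HTML-encode the term before it reaches the page.
    html.escape turns < > & " ' into entities, so the browser shows the
    payload as literal text instead of treating it as a script element."""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


def csp_header(nonce: str) -> dict:
    """Defense in depth: a CSP that only executes scripts carrying the
    per-response nonce. An injected inline script has no nonce and is blocked
    even if encoding were missed somewhere else on the page."""
    policy = f"script-src 'nonce-{nonce}'; object-src 'none'; base-uri 'none'"
    return {"Content-Security-Policy": policy}


def contains_script_tag(rendered_html: str) -> bool:
    """Coarse retest check (assumption for illustration): does the rendered
    page still contain an unencoded script tag? Used when verifying that a
    finding is no longer reproducible before moving it to Fixed."""
    return "<script" in rendered_html.lower()


if __name__ == "__main__":
    print(render_search_vulnerable(SAMPLE_PAYLOAD))
    print(render_search_fixed(SAMPLE_PAYLOAD))
    print(csp_header("r4nd0m"))
```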
How to Access Your Findings
To access your findings, simply log in to the Ethiack Portal and click on the “Findings” option in the menu on the left side of the screen. This page will display all the findings related to your organization.