Skip to main content

Result Flow

The Result Flow page displays the individual API flows, which involve the vulnerabilities discovered in the service. The result flows are displayed between result blocks. The result blocks are labeled with the name of the service, the language, and the discovered vulnerability.

The information on this page helps answer the following questions:

  • What are the connections between the services that are part of the flow?

  • What are the connections between the vulnerabilities that were discovered in the services that are part of the project?

    Service_Flows_6.png

A single service flow can contain multiple result flows, because IAST can find multiple results for a single user interaction with an application.

Each row shows specific results (vulnerabilities) that are part of the selected service flow.

Note

If Flows w/o Inputs is enabled, result flows that end with vulnerabilities without inputs are omitted from being displayed to avoid crowding the user interface with information of minor importance.

Filters

  • To filter for specific vulnerabilities, click Select queries, located on the top-right of the page, and select one or more types of vulnerabilities.

  • To filter for vulnerability severity, click Severity, located on the top-right of the page, and select one or more levels of vulnerability severity.

  • To remove all the filters, click Reset, located on the top-right of the page.

To view detailed information on a specific vulnerability:

  • Click the relevant scan result block, for example bank_storage_new with Blind_SQL_Injection. The Mini Map opens with detailed information on the scan results and the specific vulnerability. For additional information and illustrations, refer to the Mini Map.

    Service_Flows_7.png