Application vulnerability

This topic describes the application's VULNERABILITY tab, which lists the vulnerabilities associated with the servers used by the application.

This tab is enabled when vulnerability assessment is configured. For more details, see Manage vulnerability assessment scanners.

VULNERABILITY interface

Note: This tab is shown only when AppViz has at least one vulnerability scanner configured and scan results to display. For details, see Manage vulnerability assessment scanners.

The application's vulnerability score is displayed in a gauge at the top of the page, ranging from 0 (many vulnerabilities, shown in red) to 100 (no vulnerabilities, shown in green). The gauge also shows the percentage of the application's servers that are being scanned.

Below the gauge, the servers associated with the application are listed on the SCANNED SERVERS and UNSCANNED SERVERS tabs. Unscanned servers are those for which AppViz has no vulnerability data.


Vulnerability assessment ratings

AppViz calculates security ratings for servers and applications. Ratings range from 0 to 100, where 100 is the best score and means no vulnerabilities were found.

Security ratings are color-coded to indicate severity as follows:

  • Scores 85-100: Green
  • Scores 80-85: Yellow
  • Scores 0-50: Red

AppViz assigns a CVSS score to each vulnerability found, and then uses all of the CVSS scores for a specific server to calculate that server's security rating. The server security rating is calculated using the following formula:

  Server security rating = 100 * [1 - (min(Tvh, 50) + min(Th, 20) + min(Tm, 10) + min(Tl, 5)) / (50 + 20 + 10 + 5)]

Where:

  • Tvh = Sum of all CVSS scores with 10 > score > 6.9
  • Th = Sum of all CVSS scores with 6.9 > score > 3.9
  • Tm = Sum of all CVSS scores with 3.9 > score > 1.9
  • Tl = Sum of all CVSS scores with 1.9 > score > 0

The application's security rating (its severity) is the average of the security ratings of the lowest-scoring half of its servers.
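The rating formula above, carried through in code as an added example (not AppViz's own implementation). It assumes the upper bound of each CVSS band is inclusive (so a 10.0 score counts as very high; read literally, the page's strict inequalities leave boundary values in no band) and that, for an odd number of servers, the larger half is averaged; the sample scan results are constructed.

```python
from math import ceil
from typing import Iterable, Optional

# Per-band caps from the documented formula: the summed CVSS scores in each
# band are capped at these values before the bands are combined.
BAND_CAPS = {"very_high": 50.0, "high": 20.0, "medium": 10.0, "low": 5.0}
CAP_TOTAL = sum(BAND_CAPS.values())  # 50 + 20 + 10 + 5 = 85


def band_for(score: float) -> Optional[str]:
    """Map a CVSS score to its band. Assumption: upper bounds are inclusive
    (the page's strict inequalities would leave 10.0, 6.9, 3.9, 1.9 unbanded)."""
    if 6.9 < score <= 10.0:
        return "very_high"
    if 3.9 < score <= 6.9:
        return "high"
    if 1.9 < score <= 3.9:
        return "medium"
    if 0 < score <= 1.9:
        return "low"
    return None  # a score of 0 contributes nothing to the rating


def server_rating(cvss_scores: Iterable[float]) -> float:
    """Security rating 0..100 for one server from all of its CVSS scores."""
    totals = dict.fromkeys(BAND_CAPS, 0.0)
    for score in cvss_scores:
        band = band_for(score)
        if band is not None:
            totals[band] += score
    # Capping means a server with many critical findings bottoms out at the
    # band cap rather than driving the rating below 0.
    capped = sum(min(totals[b], BAND_CAPS[b]) for b in BAND_CAPS)
    return 100.0 * (1.0 - capped / CAP_TOTAL)


def application_rating(server_ratings: Iterable[float]) -> float:
    """Average of the lowest-scoring half of the application's servers
    (assumption: the larger half when the server count is odd)."""
    worst = sorted(server_ratings)[: ceil(len(list(server_ratings)) / 2)]
    return sum(worst) / len(worst)


# Constructed sample scan results: one server whose critical findings exceed
# the very-high cap, one with mid-range findings, and one clean server.
SAMPLE = {"web-01": [9.8, 9.8, 9.8, 9.8, 9.8, 9.1, 5.3],
          "app-01": [6.5, 4.3, 2.1], "db-01": []}

if __name__ == "__main__":
    ratings = {name: server_rating(s) for name, s in SAMPLE.items()}
    for name, r in ratings.items():
        print(f"{name}: {r:.1f}")
    print(f"application: {application_rating(list(ratings.values())):.1f}")
```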


Scanned servers

For each scanned server, AppViz shows the relevant network object, its vulnerability score, a summary color strip, and the date of the last scan. For network objects that represent multiple IP addresses, the vulnerabilities of all relevant IP addresses are included.

Do one of the following:

  • Click the network object name to display details about the network object in a popup. From there, click Network object dashboard to jump to the network object details page.

  • Click the arrow next to a server to expand the details of each vulnerability found on it. From there, click a vulnerability name to drill down for more details in the scanner's system.


Vulnerability scores

AppViz provides a security rating between 0 and 100 for each network object, as well as for each application.

The higher the security rating, the more secure the application or network object is. The rating bands are as follows:

  • Low (0-30)
  • Medium (31-60)
  • High (61-90)
  • Very high (91-99)
  • No vulnerabilities found (100)
  • No scan data found
