Security test reports contain information about the vulnerabilities found during a security test run. ReadyAPI creates reports in PDF format.
To generate a report, first run your security test. Run the test by clicking in the security test editor.
After the security test run finishes, click View Summary Report:
In the dialog that appears, click View Full Report:
After that, ReadyAPI will open the report in the default PDF viewer.
After the test run is over, click
on the ReadyAPI toolbar:
The Create Report dialog will appear:
Select the Security Issues Report report type.
Specify the path to the folder where the report will be saved.
Click OK.
ReadyAPI will create the report in the specified folder and open it.
The Summary section provides the following information:
Test start time.
Test duration.
The number of security scans performed.
The number of found issues.
Information about the scan that found issues (if any).
The Detailed Info section provides additional information about each found issue. For each failed scan, you get a short summary and a table with details. The table contains the following information:
Line | Information |
---|---|
Scan | The name of the failed security scan. |
Severity | How important the issue is. WARNING issues do not affect your security in a major way, but they reveal a potential issue that may cause problems under specific circumstances. ERROR issues affect your security directly and should be resolved immediately to ensure the security of your service. |
Endpoint | The tested endpoint. |
Request | The tested API request. The corresponding request is available in Projects. |
Test Step | The tested test step. |
Modified Parameters | The request parameters the security test modified. |
Response | The raw response the service sent. |
Alerts | What caused the issue. |
Action Points | A short recommendation on resolving the issue. |
CWE-ID | The Common Weakness Enumeration ID number of the issue. |
Issue Number | The issue index in the report. Aligned to the right. |
This type of report uses some Microsoft core fonts. Not all Linux installations include these fonts. If you have issues with creating reports, install the mscorefonts package applicable to your Linux distribution, and then copy the TTF files from /usr/share/fonts/truetype/msttcorefonts to the <ReadyAPI Installation>/jre/lib/fonts directory.
Make sure to specify the <ReadyAPI Installation>/bin/reports directory in the Custom Reports Library field of the File > Preferences > ReadyAPI window.