Security Issues Report

Applies to ReadyAPI 3.9, last modified on July 16, 2021

Security test reports contain information about the found vulnerabilities. ReadyAPI creates reports in the PDF format.

Create a security report

1. Run your security test

To generate a report, first run your security test. Run the test by clicking in the security test editor.

2. Generate a report

From the test editor
  1. After the security test run finishes, click View Summary Report.

  2. In the dialog that appears, click View Full Report.

    After that, ReadyAPI will open the report in the default PDF viewer.

From the toolbar
  1. After the test run is over, click Report on the ReadyAPI toolbar.

  2. The Create Report dialog will appear.

    Select the Security Issues Report report type.

  3. Specify the path to the folder where the report will be saved.

  4. Click OK.

    ReadyAPI will create the report in the specified folder and open it.

Report contents

Summary

The Summary section provides the following information:

  • Test start time.

  • Test duration.

  • The number of security scans performed.

  • The number of found issues.

  • Information about the scan that found issues (if any).

Detailed Info

The Detailed Info section provides additional information about each found issue. For each failed scan, you get a short summary and a table with details. The table contains the following information:

| Line | Information |
| --- | --- |
| Scan | The name of the failed security scan. |
| Severity | How important the issue is. WARNING issues do not affect your security in a major way, but they reveal a potential issue that may cause problems under specific circumstances. ERROR issues affect your security directly and should be solved immediately to ensure the security of your service. |
| Endpoint | The tested endpoint. |
| Request | The tested API request. The corresponding request is available in Projects. |
| Test Step | The tested test step. |
| Modified Parameters | The request parameters the security test modified. |
| Response | The raw response the service sent. |
| Alerts | What caused the issue. |
| Action Points | A short recommendation on resolving the issue. |
| CWE-ID | The Common Weakness Enumeration ID number of the issue. |
| Issue Number | The issue index in the report. Aligned to the right. |

Known issues

This type of report uses some Microsoft core fonts. Not all Linux installations include these fonts. If you have issues creating reports, install the mscorefonts package applicable to your Linux distribution, and then copy the TTF files from /usr/share/fonts/truetype/msttcorefonts to the <ReadyAPI Installation>/jre/lib/fonts directory.

Make sure to specify the <ReadyAPI Installation>/bin/reports directory in the Custom Reports Library field of the File > Preferences > ReadyAPI window.
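
The font-copy step described above, written as a shell function. This is an added example, not part of the ReadyAPI documentation or product. The function name and its return codes are assumptions; the source and target directories are the ones named above.

```shell
# Added example: copy Microsoft core fonts into the JRE bundled with ReadyAPI.
# Usage (the second argument is your own installation directory):
#   copy_core_fonts /usr/share/fonts/truetype/msttcorefonts "<ReadyAPI Installation>"
# Prints the number of fonts copied.
# Returns 1 if the source directory or its TTF files are missing,
#         2 if <installation>/jre/lib/fonts does not exist,
#         3 if a copy fails (for example, no write permission).
copy_core_fonts() {
    src=$1
    dest=$2/jre/lib/fonts
    found=0
    copied=0

    if [ ! -d "$src" ]; then
        echo "font directory not found: $src (install the mscorefonts package first)" >&2
        return 1
    fi
    if [ ! -d "$dest" ]; then
        echo "JRE fonts directory not found: $dest" >&2
        return 2
    fi

    for f in "$src"/*.ttf "$src"/*.TTF; do
        [ -f "$f" ] || continue            # an unmatched glob stays literal; skip it
        found=$((found + 1))
        name=$(basename "$f")
        if [ ! -f "$dest/$name" ]; then    # keep fonts that are already in place
            cp -p "$f" "$dest/$name" || return 3
            copied=$((copied + 1))
        fi
    done

    if [ "$found" -eq 0 ]; then
        echo "no TTF files in $src" >&2
        return 1
    fi
    echo "$copied"
}
```

Because existing files are left untouched, the function can be re-run safely after a ReadyAPI upgrade or a font package update.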

See Also

Data Export For Automation Report
Security Test Report
Security Test Reports
