10-14-2013 09:51 PM
I have over 3x years worth of scans stored in AMP, from which im wanting to pull out various statistics.
In particular I'm wanting to find a way to report on which of my sites have ever had any form of Cross Site Scripting, as this is one of the biggest issues faced by my workplace.
Through the Dashboard's Top 5 Vulnerabilities WebPart I am able to determine which sites currently have XSS, based on the results from the most recent scan, where XSS is considered any of the following:
- Cross Site Scripting
- Filter Evasion Cross Site Scripting
- HTML Tag Injection
- JSON Hijacking/Injection
- Cross-Frame Scripting
... and possibly more
I would like to produce a similar report, which takes into account all of a site's previous scans, not just the most recent.
I don't require this to be available via the Dashboard and have also have read access to the AMP Database, so a SQL Query to retrieve this information would suffice.
Solved! Go to Solution.
10-30-2013 08:36 AM
11-20-2013 12:18 PM
Fortify Support (Dev) could better answer this, but maybe you can run a SQL Query against both the AMP and/or WebInspect Enterprise databases such as:
select * from scan_stats_checks where CheckID =45 (or whatever the CheckID is for the vulnerability you are seeking)
This will return ScanID, CheckID, Count.
-- Habeas Data