akto-api-security / akto

Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure
https://www.akto.io/
MIT License
885 stars 181 forks

Issue findings shown on Dashboard UI is not consistent #1239

Open sprathod369 opened 3 days ago

sprathod369 commented 3 days ago

This is an interesting project and I love the focus on OWASP API Security Top 10 insights that Akto can bring to the table. Steps I followed:

1) Set up an on-prem version 1.41.7 using docker compose.
2) Upload my test postman collection and run test iteration 1 selecting all available tests - no test role selected (default).
3) Run test iteration 2 on the same unchanged collection selecting all available tests - no test role selected (default).
4) Visit the dashboard and click on "Results" under "Testing".

Note: No change in the API collection uploaded, and the same tests were run as part of regression and confirmation of findings.

Issue 1: The vulnerabilities reported on UI during test 1 run show 3 (high), 1 (medium) and 52 (low), but the findings reported on UI for test 2 show 3 (high), 1 (medium) and 52 (low) - not sure why it displays inconsistent results. Screenshot 1 for reference.

Screenshot 1:

image

Issue 2 - The exported report indicates 8 issues but the UI dashboard only 7 - not sure which data is correct, the UI or the exported report? Screenshot 2 for reference.

Screenshot 2 from Generated Report:

image

Screenshot 2 from Dashboard UI:

image

Issue 3 - Test run 1 gave a risk score of 2, but for the same collection with the same tests run again the risk score is 4 - not sure which data is correct, the UI for test run 1 or the subsequent test run?

Unless I am missing something, such inconsistencies and regression issues make it difficult to digest the test results and investigate further whether they are false positives or not. Any help or suggestions will be appreciated. Thanks!!