You can see scan results on the Vex "Results" screen.
Vex mechanically generates and sends requests and checks the responses it receives.
The detection logic differs for each signature.
Because detection is automatic, each scan result needs to be examined carefully (i.e. verification of results).
[Related articles] "How Vex performs security scanning"
[How to verify scan results]
In the list of scan results, click the "Detail" button to display the details of the scan result in the right pane.
1. Check the description of the detected vulnerability
This tells you what kind of vulnerability has been reported.
2. Check "Detected reason"
When the "Detected reason" alone is not enough for verification, use the following features as well.
For more details of each feature, see User Guide "4.11.4. Web scanning results details".
-Compare with the original log.
Displays the response in which the vulnerability was detected.
If the detection trigger is a string, it is highlighted in red, so you can also check the text immediately before and after it.
3. Verify scan results taking into account 1 and 2 above.
The method of verification depends on the detected vulnerability and where it was detected, but some typical verification points are described below.
-Whether the feature where the vulnerability was detected carries a risk specific to that type of vulnerability
For example, in the case of SQL injection, check whether the detection is on a feature that accesses the database.
-Verify the detected vulnerability itself
Check the detection location and the reason for the detection; this also lets you identify flaws in the target's specifications.
*Cases of false positives
-Vex may report a vulnerability related to a particular product because the target's behavior resembles that product, even though the product is not actually in use.
-In very rare cases, a string randomly generated by the application (a session token, nonce, etc.) may coincidentally match a scanning pattern (e.g., when scanning for error messages).
In this case, it is important to verify whether the detection location can actually be the cause of the detected vulnerability and whether the detection can be reproduced.
-Because a large number of requests are sent during a scan, responses may be delayed depending on the specifications of the target server.
Signatures that determine the presence of a vulnerability by measuring response time may therefore fire on a delay that is caused by load rather than by the vulnerability.
In that case, verify whether the delay is caused by server load or by a vulnerability: use the "Resend" feature described below to check whether the delay is reproducible once the scan is no longer running.
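As an added illustration (not part of Vex or its documentation), the following Python script shows how the two reproduction checks described above can be carried out on responses and response times captured with repeated resends. All responses, tokens and timings below are constructed sample data, and the thresholds (a match must recur in every resend; a timing gap of at least 75% of the injected delay counts as reproducible, 25% or less as load) are assumptions chosen for the example.

```python
"""Reproduction checks for two common scanner false-positive cases.

Added example, not Vex code. It assumes you have already used the scanner's
resend function (or any HTTP client) to capture several responses and
response times for the same request; the values are constructed samples.
"""
import re
from statistics import median


# --- Case 1: an error-message signature matched a randomly generated string ---

def trigger_reproduces(trigger_pattern: str, responses: list[str]) -> bool:
    """True if the pattern that triggered the detection appears in every
    resent response. A random token that matched by coincidence normally
    does not reappear; a genuine error message recurs on every resend."""
    rx = re.compile(trigger_pattern)
    return bool(responses) and all(rx.search(r) is not None for r in responses)


# --- Case 2: a time-based signature fired while the server was under scan load ---

def timing_verdict(baseline_ms: list[float], payload_ms: list[float],
                   expected_delay_ms: float) -> str:
    """Compare resend timings of the harmless request (baseline) with the
    request carrying the delay payload, both captured under the same load.

    Returns "reproducible" when the payload is slower by roughly the injected
    delay, "server-load" when both are slow but the gap is small compared to
    the injected delay, and "inconclusive" for too few samples or an
    in-between gap. Medians are used so one slow outlier does not decide.
    """
    if len(baseline_ms) < 3 or len(payload_ms) < 3:
        return "inconclusive"
    gap = median(payload_ms) - median(baseline_ms)
    if gap >= 0.75 * expected_delay_ms:
        return "reproducible"
    if gap <= 0.25 * expected_delay_ms:
        return "server-load"
    return "inconclusive"


# Constructed sample data (not captured from any real target).
ERROR_PATTERN = r"ORA-\d{5}"           # assumed signature pattern for an Oracle error code
# Scan-time response: the random nonce happened to contain "ORA-58231".
SCAN_TIME_RESPONSE = '<input type="hidden" name="nonce" value="kQORA-58231zp">'
# Resends: the nonce changes every time, so the coincidence does not recur.
RANDOM_TOKEN_RESENDS = [
    '<input type="hidden" name="nonce" value="x9Lm2Qp7Rt4Bv">',
    '<input type="hidden" name="nonce" value="Hs83dnQ0ZxC1K">',
    '<input type="hidden" name="nonce" value="pO3vNRA1123Wq">',
]
# Resends against a genuinely broken query: the same error recurs every time.
REAL_ERROR_RESENDS = ["<pre>ORA-00933: SQL command not properly ended</pre>"] * 3

BASELINE_QUIET_MS = [180, 210, 195, 220, 190]       # harmless request, idle server
PAYLOAD_SLEEP_MS = [5210, 5190, 5250, 5180, 5300]   # 5 s delay payload, idle server
BASELINE_LOADED_MS = [2300, 2500, 2800, 2600, 2400]  # harmless request, scan running
PAYLOAD_LOADED_MS = [2700, 2900, 2600, 3100, 2500]   # delay payload, scan running
INJECTED_DELAY_MS = 5000


if __name__ == "__main__":
    print("scan-time match:", re.search(ERROR_PATTERN, SCAN_TIME_RESPONSE) is not None)
    print("random token recurs:", trigger_reproduces(ERROR_PATTERN, RANDOM_TOKEN_RESENDS))
    print("real error recurs:", trigger_reproduces(ERROR_PATTERN, REAL_ERROR_RESENDS))
    print("idle server:", timing_verdict(BASELINE_QUIET_MS, PAYLOAD_SLEEP_MS, INJECTED_DELAY_MS))
    print("loaded server:", timing_verdict(BASELINE_LOADED_MS, PAYLOAD_LOADED_MS, INJECTED_DELAY_MS))
```

The important part of the timing check is that the baseline request is resent under the same conditions as the payload request: comparing a payload timing taken during the scan against a baseline taken afterwards would reintroduce the load effect the check is meant to remove.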
[Tips for verification]
-Resend
Clicking the "Resend" icon sends the same request again.
Use this feature to check whether the scan result can be reproduced.
-A parent scan ID
If a vulnerability is detected by a signature that determines vulnerabilities from the results of multiple requests, only the last request sent appears in the scan result.
Click the "Parent scan ID" link to see the request sent immediately before it and its response.
[Related articles] "What is the "Parent scanning result ID" displayed in the "Scanning information"?"
-Edit the risk level
You can edit the risk level by clicking the icon displayed next to the risk level.
The risk levels of vulnerabilities in Vex are based on CVSS v3.