
Application Structure

This guide provides a detailed walkthrough of the different sections of the Dashboard and an introduction to the other pages in AppSec Phoenix.

Dashboard

1. Introduction

AppSec Phoenix aims to simplify the way application security control is done, and it starts with the Dashboard. The Dashboard gives a high-level overview of the organisation’s overall status and serves as the default page upon successfully signing into your AppSec Phoenix account.

In situations where each second counts, AppSec Phoenix’s Dashboard offers a user-friendly and highly intuitive all-in-one graphical interface that makes it easy for you to monitor and access crucial information. This data enables you to manage your security posture with only a few clicks, allowing you to proactively address vulnerabilities at the onset. Such capabilities provide increased reliability for mission-critical applications.

The whole Dashboard can be printed as a downloadable PDF report by clicking the Print Report button at the top right corner of the page.

2. Parts of the Dashboard

The Dashboard is designed to highlight the most important data using a clean and organised single-page layout. By employing familiar visuals such as graphs, heat maps, and speedometer-like dials, as well as colour-coded severity indicators, it lets you quickly identify and prioritise what needs attention:

  • Red – Critical Severity
  • Orange – High Severity
  • Yellow – Medium Severity
  • Green – Low Severity
  • Blue – No Risk

Here are the parts of the Dashboard:

The Navigation Menu gives you easy access to the other pages of AppSec Phoenix. Found at the left side of the Dashboard and all other pages, it remains fixed there even while you scroll up or down the pages.

Each menu item has its own icon for visual identification. Several menu items like Applications, Integrations, and Vulnerability are expandable to reveal more options.

At the lower part of the Navigation Menu, you can find your account information such as your username and email address.

Click on your profile icon or username if you need to open your profile page and update your account information.

Lastly, the Logout option is found at the lowest portion of the Navigation Menu. Click this option when you’re done with your session to log out properly and ensure your account remains secure.

Overall Company Risk Score

Strategically located at the top of the Dashboard, the Overall Company Risk Score provides the general status of your organisation.

Using a familiar speedometer-like dial chart, colour coding and easy-to-read text, it tells you the current severity level.

Additional options are available at the bottom, including:

  • Reporting – generates a report
  • Details – opens the overall Vulnerability page

Overall Risk Breakdown

The Overall Risk Breakdown provides a risk assessment overview based on severity. Located at the top of the Dashboard beside the Overall Company Risk Score, this section uses a colour-coded pie chart in which each slice represents a risk level and the percentage of vulnerabilities that fall into it.

Average Severity per Vulnerability Type

The Average Severity per Vulnerability Type displays your application’s current average level of severity for each type of vulnerability. This is a simple average of vulnerability severity per type, and doesn’t involve the more sophisticated risk aggregations performed at the overall Component, Application and Organisation levels.

It is made up of four visual indicators which, like the Overall Company Risk Score section, are colour-coded speedometer-like dial charts, one for each of the following vulnerability types:

  • Web Facing App Risk
  • FOSS & Library Risks
  • SAST
  • Cloud

Apps Above Tolerance and Apps Below Tolerance

Apps Above Tolerance and Apps Below Tolerance are sections that provide a real-time list of the organisation’s Applications that are above and below their threshold level respectively.

This section is divided into two columns:

  • Apps Above Tolerance – the left-hand column, which lists the apps that are above their current threshold.
  • Apps Below Tolerance – the right-hand column, which lists the apps that are below their current threshold.

Overall Impact Exposure

The Overall Impact Exposure provides a snapshot of the potential financial impact of the vulnerabilities detected for the organisation, broken down by risk level. A colour-coded bar chart on the left side visualises the potential financial impact, or Exposure, resulting from the threats. Beside it is a table summarising the Exposure for each risk level.

Vulnerability Count Evolution

The Vulnerability Count Evolution section gives you a glimpse of the historical data, showing in a line chart the number of vulnerabilities detected per risk level over the past month.

Hovering your mouse over a particular date provides the number of vulnerabilities per risk level on that date. You can also hide or display a risk level on the line chart by clicking its corresponding colour on the legend found at the top of the chart.

The chart itself can be downloaded as a PNG file by clicking the download icon found at the top right corner of the section.

Organisation Risk Evolution

The Organisational Risk Evolution section gives you a comparative display of the critical vulnerabilities versus the tolerance level over the course of one month. Hovering your mouse over a particular date shows the number of vulnerabilities on that date.

The chart itself can be downloaded as a PNG file by clicking the download icon found at the top right corner of the section.

The orange Set Overall Risk Tolerance button opens a new dialog box that lets you set the Tolerance Level to any reference value you want to serve as your “Organizational Threshold”.

You have two options to set the Organizational Threshold:

  1. Set Without Override – the orange button that sets the value only for the Organisational Risk Evolution section. This change will not affect applications that have their own threshold value set.
  2. Override – the red button that sets the value globally across the whole AppSec Phoenix instance. This change will override the existing threshold value for the whole system, including applications that currently have their own values set, effectively putting all apps on the same threshold.
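The two threshold-setting modes above, together with the Apps Above Tolerance / Apps Below Tolerance split described earlier, can be modelled in a few lines. The following is an added illustration, not AppSec Phoenix’s own code, and it makes assumptions the page does not state: risk scores and thresholds are plain numbers on the same scale, an app with no threshold of its own inherits the organisational threshold, and an app whose score exactly equals its threshold counts as "below" (at or within tolerance). The app names and scores are constructed sample data.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class App:
    """An application with a risk score and an optional per-app threshold.

    own_threshold is None when the app inherits the organisational threshold
    (an assumption of this example; the page does not define the data model).
    """
    name: str
    risk_score: float
    own_threshold: Optional[float] = None


@dataclass
class Organisation:
    threshold: float                      # the "Organizational Threshold"
    apps: list = field(default_factory=list)

    def effective_threshold(self, app: App) -> float:
        """Per-app value wins when set; otherwise fall back to the org value."""
        return app.own_threshold if app.own_threshold is not None else self.threshold

    def set_without_override(self, value: float) -> None:
        """'Set Without Override': change the org threshold only.

        Apps that carry their own threshold are untouched and keep using it.
        """
        self.threshold = value

    def override(self, value: float) -> None:
        """'Override': apply the value globally.

        Modelled here by clearing every per-app threshold so all apps fall
        back to the new organisational value (an assumption about how the
        global override behaves internally).
        """
        self.threshold = value
        for app in self.apps:
            app.own_threshold = None

    def partition(self) -> tuple[list[str], list[str]]:
        """Split apps into (above tolerance, below tolerance) by name.

        Equality is treated as within tolerance, so it lands in 'below'.
        """
        above = [a.name for a in self.apps if a.risk_score > self.effective_threshold(a)]
        below = [a.name for a in self.apps if a.risk_score <= self.effective_threshold(a)]
        return above, below


def demo() -> dict:
    """Walk through both modes on constructed sample apps and return each split."""
    org = Organisation(
        threshold=500,
        apps=[
            App("payments", risk_score=820, own_threshold=900),  # has its own, laxer threshold
            App("portal", risk_score=610),                        # inherits the org threshold
            App("intranet", risk_score=300),                      # inherits the org threshold
        ],
    )
    results = {"initial": org.partition()}

    # Raising the org threshold without override: 'portal' now falls within
    # tolerance, while 'payments' still uses its own 900 and is unaffected.
    org.set_without_override(700)
    results["set_without_override"] = org.partition()

    # Override at the same value: 'payments' loses its own 900 and, at 820,
    # is now above the global 700.
    org.override(700)
    results["override"] = org.partition()
    return results


if __name__ == "__main__":
    for step, (above, below) in demo().items():
        print(f"{step}: above={above} below={below}")
```

Running the block shows why the dialog warns about the red Override button: the same numeric value produces a different Apps Above Tolerance list depending on whether per-app thresholds survive the change.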

Impact & Severity Explorer

The Impact & Severity Explorer section offers two intuitive, interactive graphical interfaces called Dynamic Views. They let you drill down into the vulnerabilities or risks of each component running your application and see how these contribute to the bigger picture: your overall company risk.

The first Dynamic View is a colour-coded interactive heat map that lets you prioritise and check, in a few mouse clicks, which components need your immediate attention and action.

The second Dynamic View takes the form of a multi-layer doughnut-shaped chart with the same goal of letting you examine vulnerabilities or risks to each application with ease, and how this contributes to your overall organisational risk.

Pages

Complementing the Dashboard are the individual pages, designed with the same user-friendly layout as the Dashboard. They let you customise your AppSec Phoenix account settings, drill down into specific information, and take preemptive action to minimise, if not eliminate, service-impacting attacks on your application.

AppSec Phoenix has six main pages that can be easily accessed through the navigation menu:

1. Environments

The Environments page provides a quick look at your Environments’ overall health and risk assessment. This page also lets you perform other actions such as creating or importing a new Environment, exporting existing Environments, and downloading the Environment template.

2. Applications

The Applications page lets you manage your Applications as well as view more detailed status information for each application.

There are two sub-pages under the Applications page:

Application Risk View – gives you a risk assessment overview of your applications as well as options to perform several actions such as adding new applications, editing existing applications, deleting applications, and exporting or importing application data.

Application Risk Details – provides a more detailed risk assessment for each component of your application. A drop-down menu lets you switch from one component to another.

3. Integrations

Integrations extend the capabilities of AppSec Phoenix, and the Integrations page lets you set up these third-party services so that they become part of your own AppSec Phoenix workflow.

The Integrations page is divided into two:

Scanners – lets you add and manage third-party vulnerability scanners that you want to use in your AppSec Phoenix account.

Workflows – lets you create workflows as well as set up and manage third-party workflow applications such as Jira.

4. Vulnerability

The Vulnerability page is the core of your AppSec Phoenix account. Here you can view complete details of the vulnerabilities for each component of your application, add comments and tags to each component, create incident tickets via the Jira integration, and mark any vulnerability as a false positive.

Aside from the main Vulnerability page, which lists all components across all Vulnerability Types (All), it also consists of four sub-pages, one for each Vulnerability Type:

  • Cloud
  • FOSS (Free and Open Source Software)
  • Web
  • SAST (Static Application Security Testing)

5. Users Management

The Users Management page lists the users who have access to your organisation’s AppSec Phoenix instance. Here you can also add and delete users, set permissions or roles, and search for existing users.

6. Organisation Settings

The Organisation Settings page lets you configure settings such as the Threshold Level and Currency that apply globally to your whole AppSec Phoenix instance.

In addition, this page lets you import demo data into your AppSec Phoenix instance. It also displays the current number of user licences used and remaining.

Updated on September 2, 2021
