Results & Remediation
When Detectify detects a vulnerability, it generates a finding. This page explains how to interpret findings, track their status, and remediate them. These concepts apply across all Detectify products — Application Scanning, API Scanning, Surface Monitoring, and Internal Scanning.
Anatomy of a Finding
Each finding includes:
- Title — The specific vulnerability class (e.g., “Reflected Cross-Site Scripting in search parameter”)
- Severity — The risk level (see Severity Levels)
- Affected target — The URL, endpoint, asset, or parameter where the issue was detected
- Proof of concept — The HTTP request that triggered the vulnerability and the response that confirms it, with highlighted evidence
- Description — What the vulnerability is, why it matters, and how an attacker could exploit it
- Remediation guidance — Steps to fix the issue, tailored to the vulnerability type
- References — Links to relevant standards (CWE, OWASP)
The proof of concept allows your team to reproduce the issue independently and verify their fix.
Finding Lifecycle
Findings progress through statuses automatically based on scan results:
| Status | Meaning |
|---|---|
| New | Detected for the first time in the latest scan |
| Active | Persists across multiple scans and has not been fixed |
| Fixed | No longer detected after previously being present |
| Regression | A previously fixed finding has reappeared |
Automatic Transitions
- New → Active when the vulnerability persists across scans
- Active → Fixed when the scanner no longer detects the vulnerability
- Fixed → Regression when a previously fixed vulnerability reappears
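The transitions above form a small state machine that can be replayed locally, for example to reconcile findings pulled over the API with your own ticketing data. The following is an added example, not Detectify code; it assumes a finding is identified by a (title, affected target) pair, that a New finding which is not detected on the next scan goes straight to Fixed, and that a Regression which persists becomes Active again (the page does not state these last two cases).

```python
from enum import Enum


class Status(Enum):
    NEW = "New"
    ACTIVE = "Active"
    FIXED = "Fixed"
    REGRESSION = "Regression"


def next_status(current, detected):
    """Apply one scan result to a single finding. `current` is None for a
    finding that has never been seen before."""
    if current is None:
        return Status.NEW if detected else None
    if detected:
        # Assumption: a persisting Regression is treated like a persisting New finding.
        if current in (Status.NEW, Status.ACTIVE, Status.REGRESSION):
            return Status.ACTIVE
        return Status.REGRESSION  # Fixed -> Regression
    # Not detected this scan: anything previously present is now Fixed
    # (assumption: New -> Fixed without passing through Active).
    return Status.FIXED


def track(scans):
    """Replay scans in order. Each scan is the set of finding keys detected in
    that run. Returns {key: [status after scan 1, status after scan 2, ...]},
    padded with None for scans before the finding first appeared."""
    status, history = {}, {}
    for i, detected in enumerate(scans):
        for key in set(status) | set(detected):
            history.setdefault(key, [None] * i)
            status[key] = next_status(status.get(key), key in detected)
            history[key].append(status[key])
    return history


def needs_attention(history):
    """Keys whose latest status still represents an open issue."""
    open_states = {Status.NEW, Status.ACTIVE, Status.REGRESSION}
    return sorted(k for k, h in history.items() if h[-1] in open_states)


# Constructed sample data: four consecutive scans of one application.
XSS = ("Reflected XSS in search parameter", "https://app.example.com/search")
SQLI = ("SQL Injection", "https://app.example.com/api/users")
SCANS = [{XSS, SQLI}, {XSS, SQLI}, {XSS}, {XSS, SQLI}]

if __name__ == "__main__":
    for key, h in track(SCANS).items():
        print(key[0], "->", [s.value for s in h])
```

Running it shows the SQL injection finding walking New, Active, Fixed, Regression while the XSS finding stays Active after its first scan.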
Prioritizing Remediation
Not all findings carry the same risk. Prioritize based on:
- Severity — Critical and High findings first
- Exposure — Public-facing endpoints over internal services
- Exploitability — Issues with clear proof-of-concept exploitation over those requiring complex preconditions
- Data sensitivity — Endpoints handling authentication, payment, or personal data
- Regressions — Previously fixed issues that reappear may indicate systemic problems
Remediation by Vulnerability Type
Injection Vulnerabilities
| Vulnerability | Key remediation |
|---|---|
| SQL Injection | Use parameterized queries or prepared statements. Never concatenate user input into SQL strings. |
| XSS | Encode output based on context (HTML, JavaScript, URL, CSS). Use Content Security Policy (CSP) as defense-in-depth. |
| Command Injection | Avoid passing user input to system commands. If unavoidable, use allowlists for acceptable values. |
| SSRF | Validate and restrict outbound request destinations. Block requests to private IP ranges and cloud metadata endpoints. |
| Path Traversal | Validate file paths against an allowlist of permitted directories. Do not rely on stripping `../` sequences. |
| XXE | Disable external entity processing in your XML parser configuration. |
| SSTI | Avoid passing user input directly into template rendering. Use sandboxed template engines where possible. |
| Prompt Injection | Implement input validation, output filtering, and system prompt protection. Separate user input from system instructions in LLM calls. |
Infrastructure Vulnerabilities
| Vulnerability | Key remediation |
|---|---|
| Subdomain Takeover | Remove DNS records pointing to deprovisioned services. Monitor for dangling records. |
| SSL/TLS Issues | Renew expired certificates, disable weak cipher suites and outdated protocols, configure HSTS. |
| Certificate Issues | Ensure certificates match the served domain, use trusted CAs, and monitor expiration dates. |
Validate Fixes
After applying a fix, run a follow-up scan to confirm the vulnerability has been resolved. Detectify automatically updates the finding status when a rescan confirms the fix.
Where possible, fix the underlying root cause rather than applying a point fix — if you find SQL injection in one endpoint, check all endpoints that construct SQL queries.
Filtering and Sorting
The findings view supports filters to help you focus on what matters:
- Severity — Show findings at or above a specific level
- Status — Filter by New, Active, Fixed, or Regression
- Asset — Scope to a specific domain, subdomain, IP, or endpoint
- Date range — Focus on findings discovered within a specific period
Exporting and Integrations
- CSV export — Download findings for spreadsheet analysis or external reporting
- API access — Retrieve and process findings programmatically via the Detectify API
- Integration sync — Route findings to Jira, Slack, Teams, and other tools automatically
- Finding links — Each finding has a unique URL you can share with developers