Interpreting XBOW results

XBOW identifies security vulnerabilities in your application and provides detailed findings to help you understand and remediate security issues.

How XBOW identifies vulnerabilities

XBOW deploys autonomous agents that run real attacks against your application in parallel, adapting based on application responses. The platform requires objective proof before reporting a finding.

Validated findings include:

  • CVSS severity score
  • Common Weakness Enumeration (CWE)
  • Impact assessment
  • A full exploit
  • Reproduction steps
  • Evidence
  • Mitigation guidelines
  • A full trace log for the test

For more information, see How XBOW Works on the XBOW website.

Classifying findings

XBOW classifies findings into two main categories based on the level of verification and risk.

  • Validated findings: Confirmed security vulnerabilities where XBOW has successfully exploited the weakness. Each of these findings includes a full exploit, reproduction steps, and evidence; because exploitation has been demonstrated, they are confirmed exploitable vulnerabilities with no false positives.

  • Informational findings: Potential security issues or unusual configurations that XBOW cannot definitively exploit. These indicate departures from security best practices or configurations that could become vulnerabilities under certain conditions.

Prioritize fixing the validated findings because these are confirmed as security vulnerabilities in your application. Then review the informational findings to improve your security posture.

Reported vulnerability classes

XBOW groups the vulnerabilities it detects by CWE classification.

For details of the vulnerability classes reported by XBOW and which classes have a validator, see Vulnerability classification.