Overview

The Vulnerabilities section is your central hub for exploring and managing security findings discovered during red team assessments. Each finding represents a potential security concern that MindFort has identified and, where possible, successfully exploited with proof-of-concept evidence.

Source of Truth: The vulnerabilities table serves as a source of truth, not a point-in-time snapshot. MindFort continuously adds new vulnerabilities as they’re discovered and removes ones that can no longer be detected or have been resolved.

Exploring Findings by Target

Target Selection

Navigate to Vulnerabilities to see all your targets:
  • Each target shows a summary of findings and severity distribution
  • Click any target to dive into detailed findings for that application
  • Recent activity and assessment results are displayed for context

Target Overview

When you select a target, you’ll see:
  • Overview Dashboard: Key metrics and severity breakdown for this target
  • Severity Charts: Visual representation of finding distribution over time
  • Recent Activity: Latest assessments and newly discovered issues
  • Trend Analysis: How your security posture has changed

Finding Management Interface

Findings Tab

The main findings interface provides powerful management tools:

Search and Filter Options

  • Search Box: Find specific findings by name, description, or CVE
  • Type Filter: Filter by vulnerability category (XSS, SQL injection, etc.)
  • Severity Filter: Show only Critical, High, Medium, Low, or Info findings
  • Exploitability Filter: Focus on Exploitable, Potentially Exploitable, or Non-Exploitable issues

Finding List Features

  • Sortable Columns: Order by severity, discovery date, or exploitability
  • Bulk Selection: Select multiple findings for batch operations
  • Status Indicators: Visual markers for new, in-progress, or resolved findings
  • Quick Actions: Archive, delete, or retest directly from the list

Use bulk selection to efficiently archive or delete multiple resolved findings at once.

Archived and Deleted Findings

Archived Tab

  • Review findings you’ve marked as resolved or no longer relevant
  • Restore archived findings if they become relevant again
  • Maintain historical record of addressed security issues

Deleted Tab

  • View permanently removed findings (may be feature-gated based on your plan)
  • Audit trail for compliance and security reviews
  • Understand what has been definitively resolved

Deleted findings cannot be restored. Use archiving for findings you might need to reference later.

Finding Details

Opening Finding Details

Click any finding to open the detailed drawer with comprehensive information:

Core Information

  • Detailed Description: Technical explanation of the vulnerability
  • Severity Rating: Critical, High, Medium, Low, or Info
  • Exploitability Assessment: How likely this can be exploited in practice
  • Contextual Risk Score: MindFort’s intelligent scoring that considers your specific application, users, business context, and other vulnerabilities

Red Team Evidence

  • Exploitation Screenshots: Visual proof of successful attacks
  • Proof-of-Concept Code: Working exploits and payloads
  • Attack Reproduction Steps: Detailed methodology for testing
  • Business Impact Analysis: Real-world implications for your organization

Remediation Information

  • Fix Recommendations: Specific steps to address the vulnerability
  • Code Patches: Downloadable patches when available (especially for code findings)
  • Configuration Changes: Infrastructure or application setting adjustments
  • Validation Steps: How to verify the fix was successful

Team Collaboration

Comments and Discussion

  • Add Comments: Collaborate with your team on findings
  • Tag Team Members: Notify specific people about issues
  • Track Progress: Document remediation efforts and decisions
  • Historical Record: Maintain audit trail of all discussions

Voting and Prioritization

  • Vote on Findings: Help prioritize issues based on team consensus
  • False Positive Flagging: Mark findings that don’t apply to your environment
  • Custom Severity: Adjust priority based on your business context
  • Assignment: Assign findings to specific team members

Remediation Workflow

Starting Remediation

For supported finding types:
  1. Review Finding Details: Understand the vulnerability, its impact, and exploitation evidence.
  2. Click Remediate: Use the “Remediate” button to access automated fix suggestions.
  3. Download Patches: For code findings, download patch diffs and apply them in your repository.
  4. Implement Fixes: Apply recommended changes to your code, configuration, or infrastructure.
  5. Validate Resolution: Use the “Retest” feature to verify the issue is resolved.

Remediation Types

Code Vulnerabilities

  • Patch Downloads: Generated code fixes as diff files
  • Line-by-Line Guidance: Specific code changes with explanations
  • Security Best Practices: Prevent similar issues in the future
  • Testing Recommendations: How to verify fixes work correctly

Runtime Vulnerabilities

  • Configuration Guidance: Server and application setting changes
  • Infrastructure Updates: Network, firewall, or deployment modifications
  • Third-Party Updates: Library, framework, or dependency upgrades
  • Process Improvements: Development and deployment workflow enhancements

Red Team Findings

  • Root Cause Analysis: Understanding why the exploit was possible
  • Systematic Fixes: Addressing the underlying security weakness
  • Defense in Depth: Implementing multiple layers of protection
  • Monitoring Recommendations: Detecting similar attacks in the future

Advanced Features

Retesting Findings

After implementing fixes:
  1. Select Fixed Findings: Use bulk selection to choose findings you’ve addressed.
  2. Click Retest: Use the “Retest” button to re-verify a set of findings.
  3. Monitor Retest Progress: Track the validation process to ensure fixes are effective.
  4. Review Results: Confirm findings are resolved or identify any remaining issues.

Retest functionality may be available based on your workspace configuration and subscription plan.

Bulk Operations

Efficiently manage multiple findings:
  • Bulk Archive: Mark multiple resolved findings as archived
  • Bulk Delete: Permanently remove findings (use with caution)
  • Batch Retest: Validate fixes across multiple findings simultaneously
  • Export Selection: Generate reports for specific finding sets

Advanced Filtering

Create complex queries to find specific issues:
  • Combine Filters: Use multiple criteria simultaneously
  • Date Ranges: Focus on findings from specific time periods
  • Custom Queries: Search descriptions and technical details
  • Saved Filters: Store commonly used filter combinations

Understanding Risk Prioritization

Severity-Based Prioritization

  1. Critical Findings: Immediate business risk requiring urgent action
  2. High Findings: Significant security gaps needing prompt attention
  3. Medium Findings: Important issues for regular maintenance cycles
  4. Low Findings: Minor issues to address when convenient
  5. Info Findings: Awareness items and security recommendations

Exploitability-Focused Approach

Prioritize based on real-world risk:
  1. Exploitable + Critical/High: Immediate threat requiring emergency response
  2. Exploitable + Medium: Significant risk for next sprint planning
  3. Potentially Exploitable: Context-dependent risk requiring analysis
  4. Non-Exploitable: Lower priority, address during regular maintenance

Focus first on Critical and High severity findings marked as Exploitable - these represent immediate business risk with proven attack methods.

Best Practices

Regular Review Workflow

  1. Daily Triage: Review new findings from overnight assessments
  2. Weekly Planning: Assign findings to development sprints
  3. Monthly Cleanup: Archive resolved findings and update tracking
  4. Quarterly Analysis: Trend analysis and security posture reporting

Team Collaboration

  • Clear Assignment: Assign findings to specific team members or teams
  • Progress Updates: Use comments to track remediation efforts
  • Knowledge Sharing: Document lessons learned for future prevention
  • Cross-Team Communication: Involve DevOps, Security, and Development teams

Remediation Tracking

  • Document Fixes: Record what was changed to address each finding
  • Validation Evidence: Screenshot or document successful retests
  • Timeline Tracking: Monitor how long different types of issues take to resolve
  • Pattern Recognition: Identify recurring vulnerability types for process improvement

Troubleshooting

Findings Not Appearing

Check:
  • Correct time frame and filters applied
  • Target selection is accurate
  • Assessment completed successfully
  • Page refresh may be needed

Retest Feature Unavailable

Possible Reasons:
  • Feature may be disabled in your workspace
  • Insufficient credits or plan limitations
  • Finding type not supported for retesting
  • Contact admin or support for clarification

Remediation Downloads Failing

Solutions:
  • Check browser popup/download settings
  • Try different browser or disable ad blockers
  • Ensure stable internet connection
  • Contact support if downloads consistently fail

Bulk Operations Not Working

Common Issues:
  • No findings selected (check selection boxes)
  • Insufficient permissions for bulk operations
  • Mixed finding types that don’t support the operation
  • Browser timeout for large operations - try smaller batches