Risk Ratings
Each vulnerability has a risk rating assigned. The following is a description of the different categories.
- High, Medium, Low: confirmed vulnerabilities, scored differently according to their impact and complexity.
- Hardening: absence of hardening measures that can prevent and mitigate the impact of certain vulnerabilities.
- Potentially: unconfirmed vulnerabilities that may depend on context and usage.
- Secure: applies to vulnerabilities and hardening mechanisms; it indicates that tests confirm the absence of the vulnerability or the implementation of the security measure.
- Important, Info: informative findings that can help with manual assessment, with understanding application behavior, or with confirming certain aspects of the application, such as the use of a certificate to sign the application.