Examples

Introduction

Examples are additional data points stored against an asset and a finding. An example is an instance of a finding relating to an asset. This serves as the evidence to prove a finding or to help a client reproduce the issue.

Examples are generally expanded descriptions of issues that include screenshots, code samples, request/response data (from network communications such as HTTP proxy logs), etc.

Access control

Access to examples is based on access to the finding. If the user can access the finding, they can access the example content.

The example list

The example list is available on the finding view:

Examples are nested under assets. An example can only be linked to a single asset, i.e. the example is the instance of a finding relating to that asset. An asset, however, can have multiple examples associated with it.

Adding/Editing examples

Adding or editing an example is carried out from the finding view via the "ADD -> Example" button. Once the edit window is open, the user can set the title, associate the example with an asset, and add any additional data points or detailed descriptions via the WYSIWYG field.

 

Outputting examples in reports

It is possible to include or exclude examples for reporting purposes. Selecting the example and setting it to output = yes/no controls whether the example is output when generating a report. This can be useful in cases where you have many examples but only require a selection for illustration purposes.

By default, examples imported from tools are always set to output.

Deleting examples

Examples can be deleted from the finding view by selecting them and deleting them:

Adding examples is done on the finding view. Scroll down to the end of the finding and click the Add → Example option. This provides you with a large window for entering evidence (text, screenshots) and for setting meta information about the example.