Compliance
The compliance tab of the application details section lets you generate various reports. Currently, Qwiet AI generates the following reports:
- OWASP 2021: displays the number of issues found for each OWASP 2021 category.
- OWASP 2017: displays the number of issues found for each OWASP 2017 category.
- PCI Report: displays information covering the application security-specific portions of the Payment Card Industry (PCI) Data Security Standard (DSS) v4.0. Qwiet AI focuses on eighteen specific requirements across sections 3, 4, 6, and 10 of PCI DSS and reports whether your app complies with each requirement.
- CWE: displays information about the CWEs in your application (if present) and the associated findings.
Use the View report dropdown menu to switch between the report types:
- OWASP 2021
- OWASP 2017
- PCI DSS
- CWE
The OWASP 2021 report displays the number of findings in your application for each OWASP category (e.g., 10 total issues for A01 - Broken Access Control).
For each OWASP category, Qwiet AI displays the full list of issues encompassed by that category and whether that issue is present in your application. Clicking on the hyperlink will take you to a list of findings for that specific issue type (e.g., when you click on the Directory Traversal hyperlink, Qwiet AI will display a full list of findings indicating where in your source code this issue is present).
The OWASP 2017 report displays the number of findings in your application for each OWASP category (e.g., 3 total issues for A1 - Injection).
For each OWASP category, Qwiet AI displays the full list of issues encompassed by that category and whether that issue is present in your application. Clicking on the hyperlink will take you to a list of findings for that specific issue type (e.g., when you click on the HTTP Header Injection hyperlink, Qwiet AI will display a full list of findings indicating where in your source code this issue is present).
The PCI report covers eighteen application security-specific requirements spread across sections 3, 4, 6, and 10 of PCI DSS v4.0 and indicates whether your app complies with these requirements.
To obtain your report, click Export Report and indicate if you'd like to Export as PDF or Export as HTML.
The CWE report displays a list of CWEs and indicates whether those issues are present in your application. If a particular CWE is present in your application, you'll see information about the findings that introduced the issue.
To export your data, click Export Report and indicate if you'd like to Export as PDF or Export as HTML.