Request a vulnerability be dismissed as Zero Risk | Fluid Attacks Help

Role required: User, Vulnerability Manager or User Manager

Note: Zero Risk requests generated by members with the User role must be approved by a Vulnerability Manager or User Manager before they are considered by Fluid Attacks. Without this member's approval, the reported vulnerability will break the build when Users attempt to deploy the system version containing it.

There is a treatment that you can request for any reported vulnerability when, according to a judicious analysis by your organization, said vulnerability poses no threat. This treatment appears as "Request zero risk" within the treatment options on Fluid Attacks' platform.

You can submit your request either from the vulnerability's information window or the window to edit vulnerabilities. The latter allows you to request the treatment for more than one vulnerability.

Follow these steps to use the "Request zero risk" option from the information window.
  1. In the Vulnerabilities section, click on the type of vulnerability in question to see its location(s).
  2. Click on the intended location.
  3. In the information window, click on the Treatments tab.
  4. Select Request zero risk from the Treatment dropdown menu.
  5. Write a justification for your request, optionally add or remove tags, and click the Confirm button.

Fluid Attacks will read your justification to consider whether the vulnerability actually poses no threat at all, in which case Fluid Attacks will delete it from the Locations table. However, if Fluid Attacks still considers there is risk caused by that vulnerability, then it will remain reported.

The following are the steps to request the treatment from the window to edit vulnerabilities.
  1. In the Vulnerabilities section, click on the type of vulnerability in question to see its location(s).
  2. In the Locations section, tick the checkbox next to the reported vulnerability for which you want to assign the treatment. Then click on Edit.
     If you want to assign the treatment "Request zero risk" to more than one vulnerability, tick their corresponding checkboxes and click the Edit button.
  3. Select Request zero risk from the Treatment dropdown menu.
  4. Add a justification for your request and update the remaining fields if needed.
  5. Click on Confirm when you are done.