Vulnerability Tags

To access the Tags page, click Customize → Tags.

The process for creating a vulnerability tag is the same as for an application tag. Click the Create Tag button, name your vulnerability tag, and change the type to "VULNERABILITY". Click Create Tag inside the modal dialog, and your new vulnerability tag will be listed.

Attach a Vulnerability Tag to a Vulnerability

Now, we can attach our tag to a vulnerability.

You can do so within the Vulnerability Details page, clicking the Action dropdown and selecting Manage Tags.

You can also do so within the vulnerability tree on your application’s detail page.

The tag we just created was called "Unfiltered inputs," so let’s open up the SQL Injection node. A list of SQL Injection vulnerabilities appears.

Select one or more vulnerabilities and click on the Action dropdown. Select Batch Tagging.

With the 'Add Selected Tags' option still selected (default), click the Tag dropdown and select the tag(s) that you wish to add, then click the Batch Tagging button.

You will see that each of the selected vulnerabilities has been tagged, like so:

Return to your application detail page. Now, we are interested in the Filters column on the right. Click and expand the Tags filter field, then Vulnerability.

Type in the name of your vulnerability tag in the text field. If you have a number of tags, all possibilities will be listed, based upon the text you input. When you have chosen your tag, hit the enter key.

As you can see, the tree view has filtered out all vulnerabilities except the entries tagged with "Unfiltered input."

You may have noticed that this process used batch tagging as well, launched from the tree-view of open vulnerabilities.

Remove a Vulnerability Tag from a Vulnerability

You may also remove vulnerability tags from one or more vulnerabilities by selecting the 'Remove Selected Tags' option in the Batch Tagging Vulnerabilities modal.