Open Item Site uses a wildcard cert for *.truespot.com. See Screens tab for capture. 13.84.181.47
Open Item Site uses a wildcard cert for *.truespot.com. See Screens tab for capture. 13.84.181.47
Open Item Site uses a wildcard cert for *.truespot.com. See Screens tab for capture. 13.84.181.47
Open Item Site uses a wildcard cert for *.truespot.com. See Screens tab for capture. 13.84.181.47
Open Item Site uses a wildcard cert for *.truespot.com. See Screens tab for capture. 13.84.181.47
Open Item Site uses a wildcard cert for *.truespot.com. See Screens tab for capture. 13.84.181.47
Open Item Site uses a wildcard cert for *.truespot.com. See Screens tab for capture. 13.84.181.47
Open Item Site uses a wildcard cert for *.truespot.com. See Screens tab for capture. 13.84.181.47
Open Item Site uses a wildcard cert for *.truespot.com. See Screens tab for capture. 13.84.181.47
Open Item Site uses a wildcard cert for *.truespot.com. See Screens tab for capture. 13.84.181.47
Open Item Site uses a wildcard cert for *.truespot.com. See Screens tab for capture. 13.89.172.17
Open Item Site uses a wildcard cert for *.truespot.com. See Screens tab for capture. 13.89.172.17
Open Item Site uses a wildcard cert for *.truespot.com. See Screens tab for capture. 13.89.172.17
Open Item Site uses a wildcard cert for *.truespot.com. See Screens tab for capture. 157.245.241.189
Open Item Site uses a wildcard cert for *.truespot.com. See Screens tab for capture. 40.119.12.12
157.245.241.189
adminapi.truespot.com 7.1
adminapi.truespot.com 2.6
adminapi.truespot.com 2.6
HTTPS 0
HTTPS nginx 0
HTTPS nginx 0
HTTPS nginx 0
HTTPS 0
HTTPS 0
HTTPS 0
HTTPS 0
HTTPS 0
HTTPS 0
HTTPS IIS 10.0 0
HTTPS 0
HTTPS 0
HTTPS 0
HTTPS 0
HTTPS 0
HTTPS nginx 0
HTTPS 0
System 0
System 0
System 0
System 0
System 0
System 0
Asset ID Vulnerability Tags Custom Tag
532765 HTTP,Web
532760 HTTP,Web
532757 HTTP,Web
532767 HTTP,Web
532764 HTTP,Web
532766 HTTP,Web
532758 HTTP,Web
532763 HTTP,Web
532768 HTTP,Web
532762 HTTP,Web
532770 HTTP,Web
532772 HTTP,Web
532771 HTTP,Web
532761 HTTP,Web
532759 HTTP,Web
532762 XSS,jQuery
532761 Network
532761 Network
532761 Network,SSH
532765 Network
532765 Network
532760 Network
532760 Network
532757 Network
532757 Network
532767 Network
532767 Network
532764 Network
532764 Network
532766 Network
532766 Network
532758 Network
532758 Network
532763 Network
532763 Network
532768 Network
532768 Network
532762 Network
532762 Network
532765 HTTP,Web
532767 HTTP,Web
532764 HTTP,Web
532766 HTTP,Web
532763 HTTP,Web
532768 HTTP,Web
532770 Network
532769 Network
532772 Network
532771 Network
532773 Network
532770 HTTP,Web
532769 HTTP,Web
532772 HTTP,Web
532771 HTTP,Web
532773 HTTP,Web
532761 Network
532759 Network
532759 Network
532762 Network
532763 Network
532766 Network
532767 Network
532765 Network
532761 Network
ction,Web,Web Spider
P_2010,OWASP_2013,Web,Web Spider
P_2010,OWASP_2013,Web,Web Spider
Remediation Status Comments
Open Item Running on the latest version of ASP.NET. See screen capture. Can this be confirmed?
GET Medium
GET Medium
GET Medium
GET Medium
GET Medium
GET Medium
GET Medium
GET Medium
GET Medium
GET Medium
GET Medium
GET Medium
GET Medium
GET Medium
Remediation Status Comments
Open Item Development resources - considered out-of-scope
Open Item Development resources - considered out-of-scope
Open Item Development resources - considered out-of-scope
Open Item Development resources - considered out-of-scope
Open Item Development resources - considered out-of-scope
Open Item Development resources - considered out-of-scope
Open Item Development resources - considered out-of-scope
Open Item Development resources - considered out-of-scope
Open Item Development resources - considered out-of-scope
Open Item Development resources - considered out-of-scope
Open Item Development resources - considered out-of-scope
Vulnerability
Expired SSL Certificate
HTTP Strict Transport Security (HSTS) Policy Not Enabled
HTTP Strict Transport Security (HSTS) Policy Not Enabled
HTTP Strict Transport Security (HSTS) Policy Not Enabled
HTTP Strict Transport Security (HSTS) Policy Not Enabled
HTTP Strict Transport Security (HSTS) Policy Not Enabled
Weak Ciphers Enabled
Weak Ciphers Enabled
Weak Ciphers Enabled
Weak Ciphers Enabled
Weak Ciphers Enabled
URL Method
https://zz-env-dev-recon.truespot.com/%3Cscript%3Ealert(0)%3C/script%3E GET
https://lotmgmt-d-us-c-web.azurewebsites.net/ GET
https://zz-dev-admin.truespot.com/ GET
https://devmoloadmin.azurewebsites.net/ GET
https://zz-dev-dealer.truespot.com/ GET
https://zz-env-dev-recon.truespot.com/ GET
https://zz-dev-dealer.truespot.com/ GET
https://lotmgmt-d-us-c-web.azurewebsites.net/ GET
https://zz-dev-admin.truespot.com/ GET
https://devmoloadmin.azurewebsites.net/ GET
https://zz-env-dev-recon.truespot.com/ GET
Severity Parameter ParameterType Parameter Value
Medium
Medium
Medium
Medium
Medium
Medium
Medium
Medium
Medium
Medium
Medium
Color Coding Guide for ASV Vulnerability Workbook
In an effort to ensure your remediation and process to dispute findings is seamless, Specialized Security Services, Inc. has created a Color Coding system. Please use the following color coding to mark your ASV workbooks:
The client will highlight the workbook(s) using the following table:
Red Highlight Open item, Client needs to provide S3 documentation with how the vulnerability was resolved.
Light Green Highlight False Positive vulnerabilities, Client Provided S3 Evidence Validating False Positive
Light Blue Highlight Client Provided S3 Evidence of Remediation
Pink Highlight Compensating Control, Client mitigates and accepts the Risk and Documents the Control
Orange Highlight Decommissioned assets or vendor managed hardware, Client provided S3 evidence of Decommissio
Yellow Highlight New vulnerability, does not affect current quarter compliance but remediation strongly recommended
Gray Highlight Passing vulnerability, does not affect compliance but remediation recommended
Please include evidence for ALL VULNERABILITIES; false positives, remediation, compensating control and/or decomm
h IP address and vulnerability references (CVE or Vulnerability Title) so that Specialized Security Services, Inc. can validate these efforts effectively.
Please use the first column on the report tab for comments or status.
Row 1.3-17
Row 2.11