When working on security assessments that span multiple domains, such as web and mobile applications, you have the flexibility to either create separate projects for each domain or consolidate everything into a single project by enabling the Multi-Assessment Domain feature. This feature is particularly useful when you want to categorize findings by different domains within a single project.
Enabling Multi-Assessment Domain
To enable this feature:
Navigate to either the Edit Project page for an existing project or the Create New Project page.
Look for the Multi-Assessment Domain option and select Yes to enable it.
Once enabled, this feature allows you to assign a specific assessment domain (e.g., Web, Mobile) to each finding directly within the Vulnerabilities tab. This way, you can clearly associate each finding with its respective assessment domain.
Using the Multi-Assessment Domain in Reports
With the Multi-Assessment Domain enabled, you can customize your report templates to reflect the specific assessment domain for each finding. This can be done by using the tag {assessment_domain} within the {vulnerabilities} object in your template. You can also adjust the content of your report to include different testing standards or frameworks depending on the selected domain.
For example, based on the domain, you might want to display different security standards (e.g., OWASP Top 10 for web applications or MASVS for mobile applications).
Example Report Output
After generating the report, the output will reflect the chosen assessment domains for each finding. Below is an example of how the report will appear when the Multi-Assessment Domain feature is used: