Security Auditor - Help Guide

1 Getting Started

Security Auditor is a combined Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) platform that identifies security vulnerabilities in your application code and web deployments. It performs 40+ security checks across two scanning modes.

The checks this tool performs overlap with the Open Web Application Security Project (OWASP) Top Ten; many checks map to common OWASP categories such as Injection, Cross-Site Scripting (XSS), Broken Authentication, and Security Misconfiguration.

Two Scanning Modes

Local Directory — Upload source code files or specify a directory path. The SAST engine scans your code for 28+ vulnerability patterns including SQL injection, XSS, command injection, hardcoded credentials, and more.
Remote URL — Enter a web application URL. The DAST engine checks HTTP security headers, probes for exposed sensitive paths, verifies HTTPS configuration, and scans response content for information leaks.

Security Auditor landing page showing Local Directory mode selected

The Security Auditor landing page with Local Directory mode selected.

Supported file types for local scanning:
.py, .js, .ts, .java, .php, .go, .rb, .c, .cpp, .cs, .swift, .kt, .scala, .rs, .jsx, .tsx

2 Scanning a Local Directory

Use this mode to scan application source code files for security vulnerabilities using static analysis.

Select Local Directory in the Analysis Mode panel on the left sidebar.
Provide your code using one of two methods:
- Upload files — Drag and drop or click the upload area (total size maximum 25 MB).
- Enter a directory path — Type the full path to a local directory, e.g. C:/Projects/my-application.
Optionally toggle NVD Enriched Scan Results on or off (see Section 5).
Click the Analyze button.
Wait for the scan to complete. A progress indicator shows the current status.

Tip

When uploading files, you can select multiple files at once. The scanner analyses all uploaded files together, detecting cross-file vulnerability patterns.

Local directory scan results showing Analysis Summary and Security Findings

Results from a local directory scan showing the Analysis Summary, severity badges, and individual finding cards.

3 Scanning a Remote URL

Use this mode to dynamically test a running web application for security misconfigurations and vulnerabilities.

Select Remote URL in the Analysis Mode panel.
Enter the target web application URL in the Web Application URL field, e.g. https://your-app.example.com.
Click the Analyze button.

What Gets Checked

HTTP Security Headers — Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, X-XSS-Protection, Strict-Transport-Security, Referrer-Policy, Permissions-Policy.
Sensitive Path Exposure — Probes for common exposed paths such as /.env, /.git/config, /admin, /phpinfo.php, /swagger.json, and 15+ other paths.
HTTPS Configuration — Verifies the application uses HTTPS rather than unencrypted HTTP.
Response Content Analysis — Scans HTML responses for database error messages, stack trace disclosures, debug mode indicators, and sensitive data in comments.
Server Version Disclosure — Detects if the server reveals its software version in response headers.

Remote URL scan results showing missing security headers and other findings

Results from a remote URL scan showing missing security headers and insecure HTTP connection findings.

4 Understanding Your Results

Analysis Summary

After a scan completes, the Analysis Summary section appears at the top of the results. It displays metadata about the scan and a count of findings grouped by severity level.

Target — The directory path or URL that was scanned.
Files Analyzed — Number of source code files processed (local scans only).
Total Findings — Total number of security issues detected.
Analysis Type — Either Local (SAST) or Web (DAST).

Severity Badges

Below the metadata, colour-coded severity badges show how many findings fall into each severity level:

Critical High Medium Low Info

Finding Cards

Each detected vulnerability is displayed as a finding card containing the following information:

Vulnerability Name — The type of security issue (e.g. "SQL Injection", "Missing Security Header: Content-Security-Policy").
Severity Tag — A colour-coded badge showing CRITICAL, HIGH, MEDIUM, LOW, or INFO.
Common Weakness Enumeration (CWE) Reference — The identifier (e.g. CWE-89).
CVE References — Related Common Vulnerabilities and Exposures entries (when NVD enrichment is enabled).
File Path & Line Number — Exact location in the source code (local scans) or the target URL (remote scans).
Description — Explanation of the vulnerability and its potential impact.
Remediation Guidance — Click the expandable section to view recommended fixes and best practices.

Exporting Reports

At the bottom of the results, two export options are available:

Export JSON Report — Downloads a structured JSON file containing all scan data, suitable for integration with CI/CD pipelines or other security tools.
Export Markdown Report — Downloads a Markdown report with findings grouped by severity, including file locations, code snippets, and remediation guidance. Ideal for pasting into vibe-coding platforms (Cursor, Lovable, Bolt, etc.) to fix identified issues.

5 NVD Enrichment

The NVD Enriched Scan Results toggle in the sidebar controls whether scan findings are enriched with data from the NVD, maintained by the National Institute of Standards and Technology (NIST).

What NVD Enrichment Adds

Related Common Vulnerabilities and Exposures (CVE) references for each finding.

When to Enable

Comprehensive security audits where you need full CVE context.
Compliance reporting that requires specific vulnerability references.
When you need detailed remediation guidance for each finding.

When to Disable

Quick scans where speed is the priority.
Offline environments without internet access.
When the NVD API is rate-limited or unavailable.

Note

NVD enrichment adds processing time to the scan. The toggle is enabled by default. You can disable it for faster scans and re-run with enrichment when needed.

6 Severity Levels Guide

Findings are classified into five severity levels. Use this guide to prioritise remediation efforts.

Severity	Description	Examples
CRITICAL	Immediate action required. These vulnerabilities can lead to full system compromise, data breaches, or remote code execution.	SQL Injection, Command Injection, Hardcoded Credentials, Insecure Deserialization
HIGH	Serious vulnerabilities requiring prompt attention. These can lead to significant data exposure or unauthorized access.	Cross-Site Scripting (XSS), Path Traversal, SSRF, JWT Without Verification
MEDIUM	Moderate risk requiring investigation. These may enable attacks under certain conditions or weaken security posture.	CORS Misconfiguration, Weak Cryptographic Algorithm, Open Redirect, Missing Content-Security-Policy
LOW	Minor issues with lower priority. These represent defence-in-depth concerns or best practice violations.	Debug Mode Enabled, Missing Non-Critical Headers, Verbose Error Messages, Sensitive Data in Logs
INFO	Informational findings with no direct security risk. These highlight areas for awareness or potential improvement.	Technology Detection, Configuration Notes, Server Version Disclosure

Prioritisation Strategy

Address Critical and High findings first, as they pose the greatest risk. Medium findings should be reviewed and scheduled for remediation. Low and Info findings can be addressed as part of regular maintenance cycles.