Risk Focus Assessment

info

The English user guide is currently in beta preview. Most of the documents have been automatically translated from the Japanese version. Should you find any inaccuracies, please reach out to Flatt Security.

Overview

Risk Focus Assessment is an extended mode of blackbox assessment. While standard blackbox assessments scan all features and perspectives at once, Risk Focus Assessment allows you to set priorities and scan incrementally within a credit threshold.

Key features:

  • Priority-based scanning: Set priorities (High, Medium, Low, None) for each combination of feature and perspective. Higher-priority items are scanned first.
  • Credit threshold: Set a maximum credit limit per scan. Once the threshold is reached, no further credits will be consumed.
  • Incremental scanning: After a scan completes, you can review the results and run additional scans on unscanned features and perspectives.

Regarding Credit Consumption

In Risk Focus Assessment, scans are performed within the configured credit threshold. When the credit threshold is reached during a scan, the scan stops after the currently running test completes.

info

Even if actual credit consumption exceeds the configured threshold, the excess credits will not be charged.

For example, if the credit threshold is set to 10 and the actual consumption is 11, the final billed credit consumption will be 10.

Assessment Flow

Risk Focus Assessment follows this flow:

  1. Start a blackbox assessment in "Scoped Assessment" mode
  2. After crawling completes, select "Risk Focus" from the menu and configure the following before starting the scan:
    • Credit Threshold: Set the maximum credit limit for the scan
    • Priorities: Set priorities (High, Medium, Low, None) for each feature-perspective combination
  3. Review results and choose to run additional scans or complete the assessment

Starting a Blackbox Assessment

First, create a new assessment from the "Assessment" tab, just like a standard blackbox assessment. Select the "Scoped Assessment" mode.

Configuring Risk Focus Assessment

After crawling completes, select "Risk Focus" from the menu. A matrix of detected features and assessment perspectives will be displayed. On this screen, configure the credit threshold and set priorities for the scan.

Starting the Scan

Once priorities and the credit threshold are configured, click the "Start Pentesting" button to begin the scan. Scans are executed in order of priority, starting with the highest-priority combinations.

Reviewing Results and Running Additional Scans

When the credit threshold is reached or all selected combinations have been scanned, the assessment pauses in a "Pending" state.

Opening a "Pending" assessment displays the matrix screen again. Each cell shows one of the following states:

| State | Description |
|---|---|
| Scanned | Displayed for combinations where scanning has completed |
| Skipped | Displayed for combinations that were skipped because scanning was deemed unnecessary |
| Priority menu | Displayed for combinations that have not yet been scanned |

From this screen, you can:

  • Preview the interim report: Click "Preview Report" to open the current report in a new tab. You can use it to review findings so far and decide whether to continue scanning or complete the assessment.
  • Run additional scans: Set priorities for unscanned combinations and click "Start Pentesting" to run additional scans.
  • Complete the assessment: If no additional scans are needed, click the "Complete Assessment" button to finalize the assessment.

Completing the Assessment

Clicking "Complete Assessment" transitions you to the assessment report page. Reports can be viewed in the same format as standard blackbox assessments.