Verify a remediation

After you fix a finding, Vex Raptor can re-attack the same vector and certify whether it is closed — turning "we suggested a fix" into "we proved the fix worked."

How it works

For a finding (or a whole scan), the verifier re-runs the original attack against the same endpoint and returns a status:

Status         Meaning
-------------  ---------------------------------------------------------
CLOSED         The re-attack no longer succeeds — the fix holds
OPEN           The vector is still exploitable — not fixed
UNVERIFIABLE   This class needs manual re-validation

A summary reports how many findings are closed, open, or unverifiable, plus a fixed-rate percentage.

Supported classes

Automated re-verification currently covers the classes that can be re-tested safely and deterministically:

  • Reflected XSS — checks whether the payload still reflects unencoded
  • Error-based SQL injection — checks whether a DB error still leaks
  • Missing security headers — checks whether the header is now present

Everything else is honest about its limits

Classes that cannot be re-tested deterministically are returned as UNVERIFIABLE rather than guessed. A finding is never reported CLOSED unless the re-attack actually failed to reproduce it.
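To make the status semantics above concrete, here is a small verifier written as an added example; it is not Vex Raptor's code and does not reproduce its internals. It covers the three supported classes (reflected XSS, error-based SQL injection, missing security headers), returns UNVERIFIABLE for anything else, and computes the closed/open/unverifiable summary with a fixed-rate percentage. The `Finding` and `Response` types, the `<vr-canary>` marker, the DB-error signatures and the two stand-in applications (one remediated, one not) are all constructed for the demo so it runs offline; a real verifier would replay the exact request recorded with the original finding.

```python
# Added example, not Vex Raptor's own code: a minimal remediation verifier that
# re-checks a finding against a constructed endpoint and reports a status.
from dataclasses import dataclass
from enum import Enum
from html import escape
from typing import Callable, Dict, List, Tuple


class Status(str, Enum):
    CLOSED = "CLOSED"              # re-attack no longer reproduces the finding
    OPEN = "OPEN"                  # the original vector still works
    UNVERIFIABLE = "UNVERIFIABLE"  # class cannot be re-tested deterministically


@dataclass
class Finding:
    cls: str            # "reflected_xss", "sqli_error", "missing_header", ...
    url: str
    param: str = ""     # parameter the original attack used (hypothetical field)
    header: str = ""    # header name for missing_header findings


@dataclass
class Response:
    status: int
    headers: Dict[str, str]
    body: str


# Constructed marker and signatures for the demo.
CANARY = "<vr-canary>"
DB_ERROR_SIGNATURES = (
    "You have an error in your SQL syntax",
    "ORA-01756",
    "unterminated quoted string",
)

# (url, value to send in the original parameter) -> Response
Fetcher = Callable[[str, str], Response]


def verify(finding: Finding, fetch: Fetcher) -> Status:
    """Re-run the original vector; CLOSED only when it fails to reproduce."""
    if finding.cls == "reflected_xss":
        resp = fetch(finding.url, CANARY)
        # OPEN only if the raw marker comes back; an HTML-escaped copy means the fix holds.
        return Status.OPEN if CANARY in resp.body else Status.CLOSED
    if finding.cls == "sqli_error":
        resp = fetch(finding.url, "'")
        leaked = any(sig in resp.body for sig in DB_ERROR_SIGNATURES)
        return Status.OPEN if leaked else Status.CLOSED
    if finding.cls == "missing_header":
        resp = fetch(finding.url, "")
        present = any(k.lower() == finding.header.lower() for k in resp.headers)
        return Status.CLOSED if present else Status.OPEN
    # Every other class is reported honestly rather than guessed.
    return Status.UNVERIFIABLE


def summarize(results: List[Status]) -> Dict[str, float]:
    """Counts per status plus fixed rate (assumed: CLOSED over verifiable findings)."""
    counts = {s.value: results.count(s) for s in Status}
    verifiable = counts["CLOSED"] + counts["OPEN"]
    fixed_rate = round(100.0 * counts["CLOSED"] / verifiable, 1) if verifiable else 0.0
    return {**counts, "fixed_rate": fixed_rate}


def constructed_fixed_app(url: str, value: str) -> Response:
    """Stand-in for the remediated endpoint: escapes output, hides DB errors, sends CSP."""
    if url.endswith("/search"):
        return Response(200, {"Content-Type": "text/html"}, f"<p>Results for {escape(value)}</p>")
    if url.endswith("/item"):
        return Response(500, {"Content-Type": "text/html"}, "An internal error occurred")
    return Response(200, {"Content-Security-Policy": "default-src 'self'"}, "<p>home</p>")


def constructed_unfixed_app(url: str, value: str) -> Response:
    """Stand-in for the endpoint before the fix: echoes raw input, leaks DB errors, no CSP."""
    if url.endswith("/search"):
        return Response(200, {"Content-Type": "text/html"}, f"<p>Results for {value}</p>")
    if url.endswith("/item"):
        return Response(500, {"Content-Type": "text/html"},
                        "You have an error in your SQL syntax near ''' at line 1")
    return Response(200, {"Content-Type": "text/html"}, "<p>home</p>")


SAMPLE_FINDINGS = [  # constructed sample data
    Finding("reflected_xss", "https://app.example/search", param="q"),
    Finding("sqli_error", "https://app.example/item", param="id"),
    Finding("missing_header", "https://app.example/", header="Content-Security-Policy"),
    Finding("idor", "https://app.example/account"),  # no deterministic re-test
]


def run(fetch: Fetcher = constructed_fixed_app,
        findings: List[Finding] = SAMPLE_FINDINGS) -> Tuple[List[Status], Dict[str, float]]:
    results = [verify(f, fetch) for f in findings]
    return results, summarize(results)


if __name__ == "__main__":
    for label, app in (("before fix", constructed_unfixed_app), ("after fix", constructed_fixed_app)):
        results, summary = run(app)
        print(label)
        for f, s in zip(SAMPLE_FINDINGS, results):
            print(f"  {s.value:13} {f.cls:15} {f.url}")
        print(" ", summary)
```

Running it against the unfixed stand-in yields three OPEN findings and one UNVERIFIABLE (fixed rate 0.0); against the remediated stand-in the same three come back CLOSED (fixed rate 100.0) while the IDOR finding stays UNVERIFIABLE in both runs, which is the behaviour the status table describes.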

From the report

  1. Open a completed report.
  2. Use Verify remediation on a finding (or the whole scan).
  3. Review the CLOSED / OPEN / UNVERIFIABLE badges.

In CI

The CI Gate can re-scan on each pipeline run, so a regression that re-opens a previously closed finding fails the build.