Working with Scan Findings
What This Covers
This guide explains how to work with scan findings within Steel Security.
It focuses on how to interpret, navigate, and act on findings efficiently as part of your workflow.
Where Findings Are Managed
Scan findings are managed on the Scan page.
To access them:
This is the primary location for reviewing and acting on detected issues.
Understanding the Findings List
The Scan page presents findings as a structured list.
Each entry represents a specific issue and includes:
- a description of the problem
- context explaining the risk
- recommended next steps
Findings are designed to be actionable and easy to interpret.
Working Through Findings Efficiently
A typical workflow:
- Start with the highest-risk findings
- Open each finding to review details
- Determine whether action is required
- Apply a fix or hardening control if appropriate
- Re-scan to confirm resolution
Work through findings methodically rather than all at once.
Prioritization Strategy
When reviewing findings, prioritize:
High-Risk Issues
- exposed sensitive files
- publicly accessible data
- configuration leaks
These should be addressed first.
Moderate Issues
- debug settings
- unnecessary exposure
- non-critical misconfigurations
These should be reviewed and corrected where appropriate.
Informational Findings
- expected or intentional configurations
These may not require action but should still be understood.
Taking Action on Findings
Depending on the finding, actions may include:
- applying a hardening control
- removing or securing a file
- updating configuration settings
- making server-level changes
Always review the recommendation before taking action.
Using Hardening with Findings
Some findings can be resolved directly through Steel Security hardening features.
When available:
- review the hardening option
- confirm it is appropriate for your site
- apply the change
- re-scan to verify
Hardening provides a safe and structured way to address common issues.
Handling Intentional Findings
Not all findings indicate problems that need to be fixed.
You may choose to leave a finding unresolved if:
- it is required for your workflow
- the risk is understood and accepted
- the exposure is controlled
Be intentional with these decisions.
Re-Scanning After Changes
After addressing findings:
- Reload the Scan page
- A new scan will run automatically
- Confirm that the issue no longer appears
This step is important to validate that changes were successful.
Avoiding Common Mistakes
- Do not apply fixes without understanding them
- Do not attempt to resolve everything at once
- Do not remove files without verifying their purpose
Work incrementally and verify each step.
When a Finding Persists
If a finding remains after applying a fix:
- confirm the change was applied correctly
- check for caching or server-level behavior
- verify the issue has been fully resolved
Some issues may require manual intervention beyond the plugin.
Tips
- Focus on high-impact issues first
- Work in small, controlled steps
- Re-scan frequently
- Use findings as an ongoing audit tool
What to Do Next
After working through your findings:
- Apply additional hardening where appropriate
- Monitor your Scan Risk Score
- Continue periodic scans to maintain security