Working with Scan Findings

What This Covers 
 This guide explains how to work with scan findings within Steel Security. 
 It focuses on how to interpret, navigate, and act on findings efficiently as part of your workflow. 
 
 Where Findings Are Managed 
 Scan findings are managed on the Scan page. 
 To access them: 
 
 Navigate to Steel Security → Scan 
 A scan will run automatically 
 Review the findings list once complete 
 
 This is the primary location for reviewing and acting on detected issues. 
 
 Understanding the Findings List 
 The Scan page presents findings as a structured list. 
 Each entry represents a specific issue and includes: 
 
 a description of the problem 
 context explaining the risk 
 recommended next steps 
 
 Findings are designed to be actionable and easy to interpret . 
 
 Working Through Findings Efficiently 
 A typical workflow: 
 
 Start with the highest-risk findings 
 Open each finding to review details 
 Determine whether action is required 
 Apply a fix or hardening control if appropriate 
 Re-scan to confirm resolution 
 
 Work through findings methodically rather than all at once. 
 
 Prioritization Strategy 
 When reviewing findings, prioritize: 
 High-Risk Issues 
 
 exposed sensitive files 
 publicly accessible data 
 configuration leaks 
 
 These should be addressed first. 
 
 Moderate Issues 
 
 debug settings 
 unnecessary exposure 
 non-critical misconfigurations 
 
 These should be reviewed and corrected where appropriate. 
 
 Informational Findings 
 
 expected or intentional configurations 
 
 These may not require action but should still be understood. 
 
 Taking Action on Findings 
 Depending on the finding, actions may include: 
 
 applying a hardening control 
 removing or securing a file 
 updating configuration settings 
 making server-level changes 
 
 Always review the recommendation before taking action. 
 
 Using Hardening with Findings 
 Some findings can be resolved directly through Steel Security hardening features. 
 When available: 
 
 review the hardening option 
 confirm it is appropriate for your site 
 apply the change 
 re-scan to verify 
 
 Hardening provides a safe and structured way to address common issues. 
 
 Handling Intentional Findings 
 Not all findings indicate problems that need to be fixed. 
 You may choose to leave a finding unresolved if: 
 
 it is required for your workflow 
 the risk is understood and accepted 
 the exposure is controlled 
 
 Be intentional with these decisions. 
 
 Re-Scanning After Changes 
 After addressing findings: 
 
 Reload the Scan page 
 A new scan will run automatically 
 Confirm that the issue no longer appears 
 
 This step is important to validate that changes were successful. 
 
 Avoiding Common Mistakes 
 
 Do not apply fixes without understanding them 
 Do not attempt to resolve everything at once 
 Do not remove files without verifying their purpose 
 
 Work incrementally and verify each step. 
 
 When a Finding Persists 
 If a finding remains after applying a fix: 
 
 confirm the change was applied correctly 
 check for caching or server-level behavior 
 verify the issue has been fully resolved 
 
 Some issues may require manual intervention beyond the plugin. 
 
 Tips 
 
 Focus on high-impact issues first 
 Work in small, controlled steps 
 Re-scan frequently 
 Use findings as an ongoing audit tool 
 
 
 What to Do Next 
 After working through your findings: 
 
 Apply additional hardening where appropriate 
 Monitor your Scan Risk Score 
 Continue periodic scans to maintain security 
 
 
 Related 
 
 Reviewing Findings 
 Applying Hardening Safely 
 Scan Risk Score Explained 
 Hardening Reference