I've another question related to the previous one: is it possible to set an order by which to show the found vulnerabilities? If so, how? I'm trying to edit an existing report design, but in the fields on the bottom right of the "Report Designer" tool I can't find anything related to the order. I've found a way to list the findings page by page, now I'd like to count them and order the results in descending order, from pages with highest number of issues to the lowest.
I believe the individual findings within a Severity are ordered by one or two hidden values. One could be the actual Severity Value (1-100) defined by the researchers and hidden from the user within the vulnerability database. For findings in the same Severity with matching Severity Values, I believe they might be sub-ordered by the Session Number as the particular page/session was found and added to the scan results database. I am not certain of that, but I feel it might be out of reach for the Report Designer.
As in the other post, we found that, while the WebInspect vulnerability engine works really well (almost no one false positive and best in class discovery capability), the tools for building reports lack completeness and reliability. I think that, from the customer point of view, having many consistent and "fashion" (in the sense that results are represented in different aggregate views) kind of reports is essential to make the product more appealing to the final, management level, user.