- How does AppScan Report Content?
- What are HTML Advisories?
- How does AppScan AE use XSLT?
- How does AppScan AE Export Results?
- Can I create a customized compliance report representing our corporate security privacy policy? How?
|
| |
| How does AppScan Report Content? |
| |
|
Communicating the results of a security assessment is equally important to its findings. Therefore, defect reporting is an essential component to the remediation process. Reports, however, must have the capability to be both flexible with the amount of details as well as readable by audiences with varying technical knowledge. The reporting options allow the user to specify what type of vulnerabilities to include, what level of vulnerability (low, medium, high), and which specific URLs. The AppScan reporting flexibility provides a single reporting utility that addresses the needs for multiple audiences. There is no need to spend extra time or resources to reconstruct the AppScan scan results externally. The native AppScan capabilities enable reports to be tailored to meet the various requirements across the organization.
|
| |
| Back to Questions |
| |
| What are HTML Advisories? |
| |
|
HTML Advisories are displayed in HTML providing all the convenience that HTML offers including copy/paste, search, and print capabilities.
|
| |
| Back to Questions |
| |
| How does AppScan AE use XSLT? |
| |
|
AppScan 4.5 provides Extensible Stylesheet Language Transformations (XSLT) capabilities to use in conjunction with AppScan's XML data. XSLT is a language used to transform XML data into an XML-based document or other type of document that can be recognized by a standard browser (HTML and XHTML). XSLT is extremely versatile and can be used to rearrange or sort data, test and make decisions about what data to display, and perform a variety of data computations or functions. The XSLT capabilities and robustness make it the ideal medium to use when performing data analysis or preparing customized reports, and AppScan 4.5 uses XSLT in a couple of ways. First, the Compliance Report utilizes XSLT to display the compliance report in a browser. Second, the capability to perform trend analysis in AppScan 4.5 is provided in a XSLT template and therefore allows you to perform a trend analysis across multiple scans. (see Trend Analysis for more details). Finally, included with AppScan AE are several examples XSLT templates for customers to use to build their own customizes of the XML export output.
|
| |
| Back to Questions |
| |
| How does AppScan AE Export Results? |
| |
|
The information that AppScan collects during a web application scan can be very valuable for defect tracking software and reporting utilities. Because of the data's importance, AppScan provides flexible data portability options that allow users to export AppScan results to a data file. AppScan 4.5 provides new functionality to export data in XML format. The simple export utility allows the AppScan information to be saved to directly to disk XML truly provides the best option for data mobility and flexibility. The XML output provides a structured data format that can easily be used by a variety of tools and reporting packages. The XML structure facilitates data transformation to whatever requirement is needed.
|
| |
| Back to Questions |
| |
| Can I create a customized compliance report representing our corporate security / privacy policy? How? |
| |
|
AppScan allows you to define your own regulation compliance files. When generating a compliance report, you can select User Defined from the regulation combo-box, and then select the regulation file you want to use (xxx.asreg). AppScan regulation files are XML based files, and therefore can be easily changed or modified to suit your needs.
|
| |
| Back to Questions |
| |
|
| |
|
AppShield, AppScan, Policy Recognition, and Adaptive Reduction are trademarks of
Sanctum, Inc. All other product names referenced are the property
of their respective owners and are hereby acknowledged.
|
