AppScan™ QA Edition FAQs—Results Communication:
Understand, Communicate, Report and Compliance

  1. How does AppScan QA communicate the results of my test?
  2. How do I report security defects to developers with AppScan QA?
  3. How does AppScan Report Content?
  4. What are Technical Fix Recommendations in AppScan QA?
  5. What is the Unique Test ID?
 
How does AppScan QA communicate the results of my test?
 

Communicating the right results to the right people is an extremely important step in the application security testing and assessment process. AppScan provides a wide variety of ways in which results can be analyzed, reported, and communicated. You can also view the results of every test in a variety of formats. AppScan's interactive results display and vulnerability index cards provide results in an interactive format that enables you to drill down from a high-level summary to the granular details of every test, including actionable fix recommendations. AppScan QA includes environment-specific, detailed technical fix recommendations. Alternatively, you can generate summary reports for executives or detailed reports for developers. You can also export test results in various formats, including XML, to third-party tools for additional analysis and tracking.

Using AppScan's compliance reports, QA and security organizations can now work collaboratively in testing for regulation compliance. Auditors can assess an application's compliance readiness, and QA is able to perform specific requirements to pre-validate applications prior to staging and deployment. This significantly improves the communication loop between security and development, ensuring that only quality, secure, and compliant applications are deployed.

In addition to the interactive results and reports, another valuable source of information about the tests is AppScan's traffic log. In the traffic log, users will find an exact record of every component of every AppScan request and the same details for each response from the application, including header, cookie, script, and URL information.

 
 
How do I report security defects to developers with AppScan QA?
 

AppScan QA enables testers to get complete test descriptions and results into the hands of developers quickly. Through the results analysis feature, testers can communicate the root cause of security defects to developers. QA personnel can provide development with detailed reports that include test data, defect advisories, and environment-specific fix recommendations. Results can be exported in a standard format using the XML export feature, and XSLT transformation can be used to format the results for defect tracking and management software packages.

 
 
How does AppScan Report Content?
 

Communicating the results of a security assessment is as important as its findings. Defect reporting is therefore an essential component of the remediation process. Reports, however, must be both flexible in the amount of detail they carry and readable by audiences with varying technical knowledge. The reporting options allow the user to specify what type of vulnerabilities to include, what level of vulnerability (low, medium, high), which specific URLs, and the suggested fix recommendation platform. This reporting flexibility provides a single reporting utility that addresses the needs of multiple audiences. There is no need to spend extra time or resources to reconstruct the AppScan scan results externally. The native AppScan capabilities enable reports to be tailored to meet the various requirements across the organization.

 
 
What are Technical Fix Recommendations in AppScan QA?
 

Discovering a security vulnerability is the first step towards remediation and delivery of quality software; however, finding, communicating, and correcting the actual defect source is sometimes more challenging and tedious. QA organizations often do not have the resources available to analyze application security defects at the development code level, resulting in difficult and time-consuming remediation processes.

AppScan QA addresses this problem by facilitating remediation of security defects with comprehensive technical Fix Recommendations. These fix recommendations give AppScan's technical audiences the detailed information they need to resolve each reported security defect. The fix recommendations include actual developer-level coding suggestion examples and are presented in HTML format for convenience. Fix recommendations are included for both the J2EE and .NET development environments (user specified). The detailed information arms QA personnel with a common language for communicating the defect remediation steps to development organizations, saving time, resources, and development effort.

 
 
What is the Unique Test ID?
 

Every test in an AppScan session is given a session-specific unique test ID. The ID serves as a reference point for each test and test result, and can be referenced in the results analysis as well as in the reporting function. The test ID gives test and audit personnel the reference point they need to communicate about and address specific tests and application vulnerabilities. Because documented vulnerabilities can be found quickly in searches, cross-referenced static reports, and interactive test-results grids, overall efficiency and communication are greatly improved.

 
 

 
AppShield, AppScan, Policy Recognition, and Adaptive Reduction are trademarks of Sanctum, Inc. All other product names referenced are the property of their respective owners and are hereby acknowledged.

 
© 2004 Sanctum, Inc.