Creating, editing, and deleting applications

An application is a collection of scans related to the same project. It can be a web app, a mobile app, a web service, or any component of an app. Applications enable you to assess risk, identify trends, and make sure that your project is compliant with industry and organization policies.

Creating an application

Procedure

  1. In Applications view, click Create application at the top right of the screen.
    The Essentials tab lists the minimum options needed to create an application. The mandatory inputs are a name and an asset group. Every application must belong to one (and only one) asset group. See Asset groups.
  2. In the Essentials tab, give the application a name and select an asset group from the drop-down list.
    Users with permission can:
    1. Type in a new name in the Asset group field
    2. Select Add asset group to create a new group
    3. Assign the application to it immediately.
    For more information, see Asset groups.
  3. Optional: By default, Business impact is set to Medium. If required, select a different value from the drop-down list:
    • Critical
    • High
    • Medium
    • Low
    • Unspecified
  4. Custom application fields: The custom application fields that you created in the organization-level settings are listed here. Define each custom application field as required.
  5. Click Save to create the application.
    You can now create a scan or manually import issues discovered by a third-party scanner.

Editing an application

Procedure

  1. In Applications view, click the Edit icon for the application.
    ASoC displays the Edit application dialog.

    Apart from Name and Asset group, the attributes in this dialog are optional, but can be useful as administrative tools.

  2. Edit the attributes and assign values where useful to you. You can search all of these attributes when you are triaging your applications for security testing and vulnerability tracking.
    The fields are grouped by tab below, in the form Field: Details.

    Tab: Essentials
    • Application name: Required. Enter the name of the application.
    • Asset group: Required. Restrict access to the application by assigning it to an appropriate asset group. An application can belong to one asset group only.
      The Asset group drop-down list appears only if the administrator has created one or more asset groups in the user management administration. Otherwise, a newly created application belongs to the default asset group.
      If you have permission, you can type in a new name to create a new asset group for the application.
      See Asset groups for more information.
    • Business impact: If this application is important, assign it a high or critical value. That way, when you filter your application inventory by this attribute, this application appears near or at the top of the list.
      The Risk rating for an application is based on a combination of highest detected issue severity and the application's business impact. Higher numbers indicate increased risk. See Risk rating.
    • Custom application fields: Optional. Define custom fields for your application to help you categorize, filter, and analyze data. Admin users can create up to five new custom application fields in Organization > Settings.

    Tab: Application Details
    • Description: Optional. Use it for your own reference.
    • Other fields: Optional. Use it for your own reference.

    Tab: Personal
    • Business owner: Optional. Use it for your own reference.
    • Development contact: Optional. Use it for your own reference.
    • Tester: Optional. Use it for your own reference.

    Tab: Access control
    • Business unit: Optional. Select the business unit in the organization that your application belongs to. Admin users can create new business units in Organization > Settings.

    Tab: Security and risk
    • Security and risk ratings: Optional. Use for your own reference to define the security and risk ratings for your application.

    Tab: Scan settings
    • Presence: Assign up to three unique presences for your application.
      Note:
      • You cannot use a presence for an application if no presence is assigned and the restrict option is used.
      • Assigning presences to an application is optional; you can also assign a presence each time you scan. For more information, see AppScan Presence.
    • Only allow Presences defined above: Select this checkbox to restrict the application's scanning exclusively to the presences you assigned.
    • Testing status: Indicate Not Started, In Progress, or Completed in this field. This attribute appears as a summary dashboard chart, and contributes to the overall security risk rating.

    Tab: Automatic cleanup
    • Automatic cleanup: The maximum number of scans that an application can contain is 2,000. Indicate how to proceed when this limit is reached:
      • Manually delete scans: ASoC prompts you to delete scans when needed.
      • Enable automatic cleanup: ASoC deletes old scans automatically as needed.
      See Application scan cleanup.
  3. Click Save.

Deleting an application

Procedure

  1. In Applications view, click the application to open it.
  2. On the upper right of the screen, select Manage > Delete application.
  3. Select the preferred option:
    Option: Description
    • Delete scan data only: All scans, agents, issues and libraries found in this application will be deleted. Application configuration and details will remain. Dashboards will be reset.
    • Delete the entire application: All scans, agents, issues and libraries found in the application will be deleted. Application configuration and details will be deleted. Dashboard data will also be deleted.
  4. Click Delete.

Results

If you delete an application, all of the scans, findings, and issues are deleted. Historical data in the dashboard is also deleted.