Follow this workflow to manage application security risks in your organization.
Learn how to measure progress and demonstrate compliance.
Learn how to demonstrate compliance.
Learn about compliance reports.
Learn how to create an application inventory.
Learn how to test vulnerabilities identified in an application.
Learn how to determine risks and prioritize vulnerabilities identified in an application.
Learn how to remediate risks identified in an application.
Learn how to track various metrics and trends of the applications that compose your portfolio.
You can generate customized reports (in PDF, HTML, or XML) for issues and send them to developers, internal auditors, penetration testers, managers, and the CISO. The reporting templates in AppScan Enterprise map application security data to key government regulations and industry standards. Use the reports to document progress towards regulatory compliance goals, such as showing a reduction in the number of application vulnerabilities that are associated with compliance issues.
Security reports can be large. During report generation, you might receive a warning message that the file is hundreds of pages long, or the report creation process might time out. Try the following tips to reduce report size.
This report displays issues found on your site that are noncompliant with this regulation. Many web application vulnerabilities might lead to security breaches of personal information, directly or indirectly, and might be considered as violations of the regulation.
This Basel II compliance report can help financial institutions deal with operational risk derived from online activity by identifying, monitoring, and reporting web application vulnerabilities.
This report displays issues found on your site that are noncompliant with these regulations. Many web application vulnerabilities might lead to security breaches of personal information, directly or indirectly, and might be considered as violations of the regulation.
This report displays Children's Online Privacy Protection Act (COPPA) issues found on your site. Many web application vulnerabilities might lead to security breaches of personal information, directly or indirectly, and might be considered as violations of the regulation. Note: Many of the issues in this report are similar to those in the HIPAA report. If both reports are added to a dashboard, you will see an inflated number of total issues. To prevent this from happening, you can create tabs for each report, or just add one of the reports to a dashboard.
This report displays Data Protection Act issues found on your site. Many web application vulnerabilities might lead to security breaches of personal information, directly or indirectly, and might be considered as violations of the regulation.
This report analyzes the results of the web application scan to detect possible violations of the security requirements for safeguarding interconnected information systems, and for safeguarding information systems that employ advanced technologies. It will help you detect possible violations of the requirements presented in steps 3, 4, 5 and 8 of the accreditation process.
This report analyzes the results of the web application scan to detect possible violations of the availability requirements for systems operating in the basic protection level outlined in Chapter 6 of the "Protecting Sensitive Compartmented Information within Information Systems" Manual. It will help you detect possible violations of the requirements presented in steps 3, 4, 5 and 8 of the accreditation process. The "basic" level means that information must be available with flexible tolerance for delay, or that loss of availability will have an adverse effect.
This report analyzes the results of the web application scan to detect possible violations of the availability requirements for systems operating in the medium protection level outlined in Chapter 6 of the "Protecting Sensitive Compartmented Information within Information Systems" Manual. It will help you detect possible violations of the requirements presented in steps 3, 4, 5 and 8 of the accreditation process. The "medium" level means that information must be readily available with minimum tolerance for delay, or that loss of availability might result in bodily injury or adversely affect organization-level interests.
This report analyzes the results of the web application scan to detect possible violations of the availability requirements for systems operating in the high protection level outlined in Chapter 6 of the "Protecting Sensitive Compartmented Information within Information Systems" Manual. It will help you detect possible violations of the requirements presented in steps 3, 4, 5 and 8 of the accreditation process. The "high" level means that information must always be available upon request, with no tolerance for delay. Loss of availability might result in loss of life, adversely affect national interests or breach confidentiality.
This report analyzes the results of the web application scan to detect possible violations of the confidentiality requirements for systems operating in protection level 1 as outlined in Chapter 4 of the "Protecting Sensitive Compartmented Information Within Information Systems" Manual. It will help you detect possible violations of the requirements presented in steps 3, 4, 5 and 8 of the accreditation process.
This report analyzes the results of the web application scan to detect possible violations of the confidentiality requirements for systems operating in protection level 2 as outlined in Chapter 4 of the "Protecting Sensitive Compartmented Information Within Information Systems" Manual. It will help you detect possible violations of the requirements presented in steps 3, 4, 5 and 8 of the accreditation process.
This report analyzes the results of the web application scan to detect possible violations of the confidentiality requirements for systems operating in protection level 3 as outlined in Chapter 4 of the "Protecting Sensitive Compartmented Information Within Information Systems" Manual. It will help you detect possible violations of the requirements presented in steps 3, 4, 5 and 8 of the accreditation process.
This report analyzes the results of the web application scan to detect possible violations of the confidentiality requirements for systems operating in protection level 4 as outlined in Chapter 4 of the "Protecting Sensitive Compartmented Information Within Information Systems" Manual. It will help you detect possible violations of the requirements presented in steps 3, 4, 5 and 8 of the accreditation process.
This report analyzes the results of the web application scan to detect possible violations of the confidentiality requirements for systems operating in protection level 5 as outlined in Chapter 4 of the "Protecting Sensitive Compartmented Information Within Information Systems" Manual. It will help you detect possible violations of the requirements presented in steps 3, 4, 5 and 8 of the accreditation process.
This report analyzes the results of the web application scan to detect possible violations of the integrity requirements for systems operating in the basic integrity level outlined in Chapter 5 of the "Protecting Sensitive Compartmented Information Within Information Systems" Manual. It will help you detect possible violations of the requirements presented in steps 3, 4, 5 and 8 of the accreditation process. The "basic" level means that a reasonable degree of resistance is required against unauthorized modification, or that loss of integrity will have an adverse effect.
This report analyzes the results of the web application scan to detect possible violations of the integrity requirements for systems operating in the medium integrity level outlined in Chapter 5 of the "Protecting Sensitive Compartmented Information Within Information Systems" Manual. It will help you detect possible violations of the requirements presented in steps 3, 4, 5 and 8 of the accreditation process. The "medium" level means that a high degree of resistance is required against unauthorized modification, but not absolute. A medium loss of integrity might result in bodily injury or an adverse effect on organizational-level interests.
This report analyzes the results of the web application scan to detect possible violations of the integrity requirements for systems operating in the high integrity level outlined in Chapter 5 of the "Protecting Sensitive Compartmented Information Within Information Systems" Manual. It will help you detect possible violations of the requirements presented in steps 3, 4, 5 and 8 of the accreditation process. The "high" level means that a very high degree of resistance is required against unauthorized modification. A high loss of integrity might result in loss of life or an adverse effect on national interests or confidentiality.
The Application Security and Development Security Technical Implementation Guide (STIG) provides security guidance for use throughout the application development lifecycle. The Defense Information Systems Agency (DISA) encourages sites to use these guidelines as early as possible in the application development process.
This report displays issues found on your site. Many web application vulnerabilities might lead to security breaches of personal information, directly or indirectly, and might be considered as violations of the regulation.
This report displays EFTA issues found on your site. Many web application vulnerabilities might lead to security breaches of personal information, directly or indirectly, and might be considered as violations of the regulation.
This report displays Data Protection Directive (EU 1995/46/EC) issues found on your site. Many web application vulnerabilities might lead to security breaches of personal information, directly or indirectly, and might be considered as violations of the regulation.
This report displays Privacy and Electronic Communications Directive (EU 2002/58/EC) issues found on your site. Many web application vulnerabilities might lead to security breaches of personal information, directly or indirectly, and might be considered as violations of the regulation.
This report displays FERPA issues found on your site. Many web application vulnerabilities might lead to security breaches of personal information, directly or indirectly, and might be considered as violations of the regulation.
This report displays FFIEC issues found on your site. Many web application vulnerabilities might lead to security breaches of personal information, directly or indirectly, and might be considered as violations of the regulation.
This report displays FISMA issues found on your site. Many web application vulnerabilities might lead to security breaches of personal information, directly or indirectly, and might be considered as violations of the regulation.
This report displays FedRAMP issues found on your site. Many web application vulnerabilities might lead to security breaches of personal information, directly or indirectly, and might be considered as violations of the regulation.
This report displays GLBA issues found on your site. Many web application vulnerabilities might lead to security breaches of personal information, directly or indirectly, and might be considered as violations of the regulation.
This report displays FIPPA issues found on your site. Many web application vulnerabilities might lead to security breaches of personal information, directly or indirectly, and might be considered as violations of the regulation.
This report displays HIPAA issues found on your site. Many web application vulnerabilities might lead to security breaches of personal information, directly or indirectly, and might be considered as violations of the regulation.
This report displays issues found on your site concerning Japan's Personal Information Protection Act. Many web application vulnerabilities might lead to security breaches of personal information, directly or indirectly, and might be considered as violations of the regulation.
This MA 201 compliance report can help financial institutions deal with operational risk derived from online activity by identifying, monitoring, and reporting web application vulnerabilities.
This MITS compliance report can help financial institutions deal with operational risk derived from online activity by identifying, monitoring, and reporting web application vulnerabilities.
This report displays NERC CIPC Violations issues found on your site. Many web application vulnerabilities might lead to security breaches of personal information, directly or indirectly, and might be considered as violations of the regulation.
This PA-DSS compliance report can help financial institutions deal with operational risk derived from online activity by identifying, monitoring, and reporting web application vulnerabilities.
This report displays PCI issues found on your site. Many web application vulnerabilities might lead to security breaches of personal information, directly or indirectly, and might be considered as violations of the regulation.
This report displays PIPED issues found on your site. Many web application vulnerabilities might lead to security breaches of personal information, directly or indirectly, and might be considered as violations of the regulation.
This report displays Privacy Act of 1974 issues found on your site. Many web application vulnerabilities might lead to security breaches of personal information, directly or indirectly, and might be considered as violations of the regulation.
This report displays General Data Protection Regulation (GDPR) issues found on your site. Many web application vulnerabilities might lead to security breaches of personal information, directly or indirectly, and might be considered as violations of the regulation.
This report displays European Safe Harbor issues found on your site. Many web application vulnerabilities might lead to security breaches of personal information, directly or indirectly, and might be considered as violations of the regulation.
This report displays Sarbanes-Oxley issues found on your site. Many web application vulnerabilities might lead to security breaches of personal information, directly or indirectly, and might be considered as violations of the regulation.
This report displays 21CFR11 (Code of Federal Regulations, Title 21, Part 11) issues found on your site. Many web application vulnerabilities might lead to security breaches of personal information, directly or indirectly, and might be considered as violations of the regulation.
Learn about industry standard reports.