Follow this workflow to manage application security risks in your organization.
Learn how to determine risks and prioritize vulnerabilities identified in an application.
Learn how to prioritize vulnerabilities identified in an application.
Learn how to create an application inventory.
Learn how to test vulnerabilities identified in an application.
Now that management and security analysts have a comprehensive view of the applications across the enterprise, it's time to get a complete picture of the application security risk. Use formulas to define rules that classify application assets automatically. The application security risk rating is then calculated automatically from the application's attributes (its description) and the vulnerabilities discovered in it by scans.
When an application has many scans that discover many vulnerabilities, use filters on the preset issue attributes, such as Issue Severity, Issue Type, or Issue Status to help you reduce the list to a more manageable size.
All issues have the status New by default. You can see an issue's classification by viewing its issue status. Issues display for an application only when a security scan is associated with it: if no issues display, associate a security scan with the application. Issues from scans that are not associated with an application must be managed from the scan's report in the Scans view. If you move a scan job from one application to another, you won't lose any of your issue management changes.
Security analysts can see the number of applications that have overdue issues, so they can quickly determine which issues or applications are out of compliance. AppScan Enterprise v9.0.3 includes an Overdue formula that can be modified or used as a starting point for creating more complex formulas. If your organization must comply with the Payment Card Industry Data Security Standard (PCI DSS), you can add that requirement to the formula. Or modify the formula so that an issue that is still marked New after 10 days, and has a High severity, is automatically marked overdue.
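The following Python model is an added example, not AppScan Enterprise's own formula syntax or code. It shows the logic behind the two ideas above: filtering a large issue list on Issue Severity, Issue Type and Issue Status, and an overdue rule ("High severity, still New after 10 days") with an optional PCI DSS clause that flags any open PCI-scoped issue older than a chosen number of days. The issue records, the `pci` attribute, the severity weights and the doubling of overdue issues in the risk rating are all assumptions made for the illustration.

```python
from dataclasses import dataclass
from datetime import date

CLOSED_STATUSES = {"Fixed", "Noise"}  # statuses that no longer carry risk (assumption)
SEVERITY_WEIGHT = {"High": 10, "Medium": 5, "Low": 1, "Informational": 0}  # assumed weights


@dataclass(frozen=True)
class Issue:
    app: str
    issue_type: str
    severity: str       # High / Medium / Low / Informational
    status: str         # New / Open / Fixed / Noise ...
    first_found: date   # date the scan first reported the issue
    pci: bool = False   # issue is in PCI DSS scope (assumed attribute, not an AppScan field)


# Constructed sample data, not real scan output.
TODAY = date(2024, 3, 1)
SAMPLE_ISSUES = [
    Issue("Payments", "SQL Injection", "High", "New", date(2024, 2, 1), pci=True),
    Issue("Payments", "Cross-Site Scripting", "Medium", "New", date(2024, 2, 1)),
    Issue("Payments", "Missing HTTP Header", "Low", "Fixed", date(2024, 1, 1)),
    Issue("Portal", "SQL Injection", "High", "New", date(2024, 2, 25)),
    Issue("Portal", "Sensitive Data in URL", "Medium", "Open", date(2024, 1, 10), pci=True),
    Issue("Intranet", "Cross-Site Scripting", "High", "Noise", date(2024, 1, 1)),
]


def filter_issues(issues, *, severity=None, issue_type=None, status=None):
    """Narrow a large issue list on the preset attributes named in the text."""
    return [
        i for i in issues
        if (severity is None or i.severity == severity)
        and (issue_type is None or i.issue_type == issue_type)
        and (status is None or i.status == status)
    ]


def is_overdue(issue, today=TODAY, new_days=10, pci_days=None):
    """Overdue rule modelled on the text: a High-severity issue still marked
    New after `new_days` days is overdue.  Passing `pci_days` adds a PCI DSS
    clause: any open PCI-scoped issue older than that is overdue as well,
    whatever its severity."""
    age = (today - issue.first_found).days
    if issue.status == "New" and issue.severity == "High" and age > new_days:
        return True
    if (pci_days is not None and issue.pci
            and issue.status not in CLOSED_STATUSES and age > pci_days):
        return True
    return False


def risk_rating(issues, app, today=TODAY, pci_days=None):
    """Assumed rating: weighted sum of an app's open issues, overdue ones counted twice."""
    score = 0
    for i in issues:
        if i.app != app or i.status in CLOSED_STATUSES:
            continue
        weight = SEVERITY_WEIGHT[i.severity]
        score += weight * 2 if is_overdue(i, today, pci_days=pci_days) else weight
    return score


def apps_with_overdue(issues, today=TODAY, pci_days=None):
    """Map each application to its count of overdue issues (apps with none are omitted)."""
    counts = {}
    for i in issues:
        if is_overdue(i, today, pci_days=pci_days):
            counts[i.app] = counts.get(i.app, 0) + 1
    return counts


if __name__ == "__main__":
    for app in sorted({i.app for i in SAMPLE_ISSUES}):
        print(app, "rating:", risk_rating(SAMPLE_ISSUES, app),
              "with PCI clause:", risk_rating(SAMPLE_ISSUES, app, pci_days=30))
    print("overdue per app:", apps_with_overdue(SAMPLE_ISSUES, pci_days=30))
```

With the sample data, only the Payments application has an overdue issue under the base rule; enabling the PCI clause with a 30-day limit also flags the Portal application's open PCI-scoped issue, which raises its rating. The same shape (filter, per-issue rule, per-application aggregation) is what a formula in the product expresses declaratively.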
Learn how to remediate risks identified in an application.
Learn how to measure progress and demonstrate compliance.