Application attributes
Application attributes are the properties of the application, and appear as column headers in the main Application view. You can use them to filter application lists to focus on what you want to investigate. The following table explains the predefined attributes that you can edit (Date Created and Last Updated are controlled by AppScan Enterprise). If your administrator created customized attributes for your application or removed attributes that are not relevant, they do not appear in this help topic.
Attribute Name | Displays as default column | Description |
---|---|---|
Risk Rating | Yes | Use this attribute to indicate the aggregated business risk for this application. The default risk rating calculation results in a value between 0 and 25 based on a combination of highest detected issue severity and business impact. Higher numbers indicate increased risk. Administrators can customize this formula if necessary. |
Name | Yes | Use a unique name. |
Critical/High/Medium/Low Issues | Yes (all display except low issues) | The aggregated severity numbers for each application. These numbers are updated whenever issues are managed in a report, a content scan job is run, or a scan job is associated with an application. |
Work in progress | Yes | The aggregated numbers of issues that are currently being fixed for each application (that is, Status = In progress). These numbers are updated whenever the issue status is updated. |
Business Unit | Yes | Knowing the business unit can help you to identify if there areas of
concern. For instance, if there are several applications that belong to the same business unit, there might be a resource issue to resolve so that testing or vulnerability fixing can continue successfully. |
Description | Optional to further identify the application for other users to understand its significance. | |
Business Impact | Use this attribute to indicate how critical this application is to your business. | |
Testing Status | Indicate Not Started, In Progress, or Completed in this field. This attribute appears as a summary chart and can also be filtered in the application grid. | |
Last Updated | This field is only updated when a user updates a value for an application attribute.
The following events do not trigger the field to update:
|
|
New/Open/Fixed/Total Issues |
|
|
Type | Use this attribute to indicate whether this application is run or viewed on the web, Mobile, or Desktop. You might also indicate All if the application can be viewed on all types of devices. | |
URL | The unique URL of the web application. | |
Hosts | The IP address or server name where the application is hosted. If necessary, enter multiple values, and separate them by commas. | |
Business Owner | Indicates who owns responsibility overall for the successful implementation and delivery of the application. | |
Development Contact | Indicates the developer or the team lead responsible for this application. | |
Tester | Indicates the focal point for security testing of this application. | |
Tags | Create unique tags for this application. You can create up to 50 tags
per application. Each tag can be up to 50 characters in length. Here are some examples of
customized tags you might use:
|
|
Modified Base Metrics | These metrics overrides the individual Base metrics based on specific characteristics of a user’s environment. (CVSS Environmental metric) | |
Confidentiality Requirement | The relative importance of confidentiality of user information. (CVSS Environmental metric) | |
Integrity Requirement | The relative importance of integrity, or accuracy, of information. (CVSS Environmental metric) | |
Availability Requirement | The relative importance of availability of information. (CVSS Environmental metric) |