Extending the AppScan Source Security Knowledgebase
This section describes how to customize the database and integrate customized vulnerabilities and other routines into scans. Custom rules tailor the AppScan® Source Security Knowledgebase (or vulnerability database) to your specific security standards and apply those standards consistently across your enterprise.
Often it becomes important to specify your own validation and encoding routines, or to define certain application programming interfaces (APIs) as vulnerabilities, sinks and sources, taint propagators, or informational items. When you create these rules, you customize and extend the AppScan Source vulnerability database, an integral part of the AppScan Source Security Knowledgebase. Once you add a custom rule to the database, AppScan Source for Analysis identifies it during a scan. Calls to the custom API are revealed as security findings or scan coverage findings, and the findings are then reported.
For example, an analyst might add an API named readBuffer(), which is a BufferOverflow type. Subsequent scans then refer to this new API when AppScan Source for Analysis finds a vulnerability that meets its specification. For more details about vulnerability types, see the AppScan Source Security Knowledgebase (select in the main workbench menu).
When you add custom validation and encoding routines, AppScan Source for Analysis no longer treats data passed into and out of those routines as vulnerable. By adding a custom routine to the Knowledgebase, AppScan Source for Analysis determines whether data flows from a source of a tainted input to an output without validation or encoding.
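The effect described above, of registering an API as a sink, a source, a taint propagator or a validation routine, can be illustrated with a small taint-tracking model. The code below is an added example written for this page; it is not AppScan Source code and does not use AppScan's rule format or API. The Knowledgebase class, the analyze() function, the call-chain representation and the sample APIs getParameter, concat, sanitize and readBuffer are all constructed for illustration. It shows the three situations the text describes: readBuffer() is invisible to a scan until it is added as a BufferOverflow sink, a tainted flow into it is then reported, and routing the data through a registered validation routine clears the finding.

```python
"""Illustrative model of how custom Knowledgebase rules change scan findings.

Constructed example: not AppScan Source code, not its rule format. A
"call chain" is a list of (api, input_vars, output_var) tuples in program
order; the analyzer tracks which variables carry tainted data.
"""
from dataclasses import dataclass, field


@dataclass
class Knowledgebase:
    """A toy vulnerability database: which APIs play which role."""
    sources: set = field(default_factory=set)        # APIs that introduce tainted input
    sinks: dict = field(default_factory=dict)        # API -> vulnerability type
    propagators: set = field(default_factory=set)    # APIs whose output inherits taint
    validators: set = field(default_factory=set)     # routines whose output is considered clean


def analyze(calls, kb):
    """Return a list of (vulnerability_type, sink_api) findings for a call chain."""
    tainted = set()
    findings = []
    for api, inputs, output in calls:
        inputs_tainted = any(v in tainted for v in inputs)
        if api in kb.sources and output is not None:
            # Data coming from a source is tainted from here on.
            tainted.add(output)
        elif api in kb.validators and output is not None:
            # A registered validation/encoding routine yields clean data,
            # regardless of whether its input was tainted.
            tainted.discard(output)
        elif api in kb.sinks and inputs_tainted:
            # Tainted data reaching a sink with no validation on the path.
            findings.append((kb.sinks[api], api))
        elif api in kb.propagators and output is not None and inputs_tainted:
            # e.g. string concatenation carries taint into its result.
            tainted.add(output)
    return findings


# Constructed call chains. Variable and API names are hypothetical.
UNVALIDATED_CALLS = [
    ("getParameter", [], "name"),            # reads untrusted input
    ("concat", ["prefix", "name"], "line"),  # taint propagates into 'line'
    ("readBuffer", ["line"], None),          # the analyst's custom API
]

VALIDATED_CALLS = [
    ("getParameter", [], "name"),
    ("sanitize", ["name"], "safe"),          # custom validation routine
    ("concat", ["prefix", "safe"], "line"),
    ("readBuffer", ["line"], None),
]


def baseline_kb():
    """Database before any customization: readBuffer is unknown to the scan."""
    return Knowledgebase(
        sources={"getParameter"},
        sinks={},
        propagators={"concat"},
        validators=set(),
    )


def customized_kb():
    """Same database after adding readBuffer() as a BufferOverflow sink
    and sanitize() as a validation routine."""
    kb = baseline_kb()
    kb.sinks["readBuffer"] = "BufferOverflow"
    kb.validators.add("sanitize")
    return kb


if __name__ == "__main__":
    print("baseline, unvalidated:", analyze(UNVALIDATED_CALLS, baseline_kb()))
    print("custom rules, unvalidated:", analyze(UNVALIDATED_CALLS, customized_kb()))
    print("custom rules, validated:", analyze(VALIDATED_CALLS, customized_kb()))
```

Run the module directly to see the three outcomes: no finding before the sink rule exists, one BufferOverflow finding once readBuffer() is registered, and no finding when the data passes through the registered validation routine. Note that the validator clears only its own output; the original tainted variable stays tainted, which is why the validated chain feeds "safe" rather than "name" into concat.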
You must have Knowledgebase Management permissions to make changes to the AppScan Source Security Knowledgebase.