Home
Extending product function
Learn how to extend the product.
Customizing the vulnerability database and pattern rules
This section describes how to customize the database and integrate customized vulnerabilities and other routines into scans.
Customizing input/output tracing through AppScan® Source trace
Some applications (particularly web applications) require input/output tracing to identify security vulnerabilities related to SQL injection, command injection, and cross-site scripting. Through AppScan® Source trace, you can specify a validation routine that, if used, eliminates the reporting of any vulnerability. All other outputs are marked as vulnerabilities if input has not been validated.

Customizing input/output tracing through AppScan Source trace

Some applications (particularly web applications) require input/output tracing to identify security vulnerabilities related to SQL injection, command injection, and cross-site scripting. Through AppScan® Source trace, you can specify a validation routine that, if used, eliminates the reporting of any vulnerability. All other outputs are marked as vulnerabilities if input has not been validated.

User-defined validation routines are routines that process input data and make it safe to pass to output routines. If a validation routine processes input data before passing it to an output routine, no input validation vulnerability exists. Developers may specify their own input validation and encoding routines to work with tracing.