Remediation Assistance view
The AppScan® Source Security Knowledgebase provides context-specific intelligence for each vulnerability. The Knowledgebase tells you what the vulnerability is, why it is insecure, how to fix it, and how to avoid it in the future. Once you scan source code, the Knowledgebase provides the specific information needed to eliminate the risk from your mission-critical applications. Knowledgebase remediation advice appears in the Remediation Assistance view.
To view the Knowledgebase and obtain remediation advice
- Select a finding in a findings table, and then open the Knowledgebase Help or Remediation Assistance view.
- In AppScan Source for Analysis, you can also select from the menu to see the entire Knowledgebase.
Specific APIs in the database list the severity level and the severity type. For example, the API strcpy(), a Buffer Overflow type, has a High severity level. The description states that strcpy() is susceptible to destination buffer overflow because it does not know the length of the destination buffer and therefore cannot check to make sure it does not overwrite it. Fix this problem by using strncpy(), which takes a length parameter.
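The following C snippet is an added illustration of the strcpy() finding described above and is not part of the Knowledgebase or the AppScan Source product. It places the unbounded copy beside a bounded replacement; the function names, the 8-byte buffer and the sample inputs are assumptions chosen for the example. It also goes slightly beyond the Knowledgebase text: strncpy() does not guarantee a terminating NUL when the source fills the buffer, so the bounded version terminates explicitly and reports truncation.

```c
#include <stdio.h>
#include <string.h>

#define DEST_LEN 8  /* assumed destination size for the example */

/* The pattern the Knowledgebase flags: strcpy() copies until it reaches the
 * source's terminator and never learns the destination size. Shown for
 * comparison only; it is not called by main() or the tests. */
void copy_unbounded(char *dest, const char *src)
{
    strcpy(dest, src);
}

/* Bounded replacement: strncpy() takes a length parameter, but when the
 * source is at least dest_len bytes long it writes no terminator, so the
 * last byte is set explicitly. Returns 1 if the input was truncated,
 * 0 if it was copied whole, -1 if the destination has no room at all. */
int copy_bounded(char *dest, size_t dest_len, const char *src)
{
    if (dest_len == 0)
        return -1;
    strncpy(dest, src, dest_len - 1);
    dest[dest_len - 1] = '\0';
    return strlen(src) >= dest_len ? 1 : 0;
}

int main(void)
{
    char dest[DEST_LEN];
    /* Constructed sample inputs: one that fits, one that would have
     * overflowed the destination under strcpy(). */
    int truncated = copy_bounded(dest, sizeof dest, "short");
    printf("%s (truncated=%d)\n", dest, truncated);
    truncated = copy_bounded(dest, sizeof dest, "this input is longer than the buffer");
    printf("%s (truncated=%d)\n", dest, truncated);
    return 0;
}
```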
If the finding has an associated Common Weakness Enumeration (CWE) ID, the Remediation Assistance view shows a hyperlink to the CWE topic (CWE: <id>) at http://cwe.mitre.org/data/definitions/<CWE_ID>.html.