Resolving security issues and viewing remediation assistance

AppScan® Source alerts you to security errors or common design flaws and assists in the resolution process. The AppScan Source Security Knowledgebase - and internal or external code editors - help with this process.

About this task

The AppScan Source Security Knowledgebase offers suggestions for correcting findings. This in-context intelligence for each vulnerability offers precise descriptions about the root cause, severity of risk, and actionable remediation advice. For example, it describes strcpy(), a Buffer Overflow type, as having a high severity level and provides this remediation assistance:

strcpy is susceptible to destination buffer overflow because it does not know the length of the destination buffer and therefore cannot check to make sure it does not overwrite it. You should consider using strncpy that takes a length parameter. strncpy is a security risk as well, although to a lesser degree.

To view the AppScan Source Security Knowledgebase:

Procedure

  • In AppScan Source for Analysis, open the How to Fix view and then select a finding in the findings table. Remediation assistance for that particular finding displays. Alternately, select Help > Security Knowledgebase from the main menu bar to open the entire AppScan Source Security Knowledgebase in a browser.
  • In AppScan Source for Development (Eclipse plug-in), open the How to Fix view and then select a finding in the findings table. Remediation assistance for that particular finding displays.
  • In AppScan Source for Development (Visual Studio plug-in), select a finding in a findings table. Select AppScan Source > Knowledgebase Help from the main menu bar - or right-click the finding and select Knowledgebase Help from the menu. This opens the remediation assistance for the selected finding.