Resolving security issues and viewing remediation assistance
AppScan® Source alerts you to security errors or common design flaws and assists in the resolution process. The AppScan Source Security Knowledgebase - and internal or external code editors - help with this process.
About this task
The AppScan Source Security Knowledgebase offers suggestions for correcting findings. This in-context intelligence for each vulnerability offers precise descriptions about the root cause, severity of risk, and actionable remediation advice. For example, it describes strcpy(), a Buffer Overflow type, as having a high severity level and provides this remediation assistance:
strcpy is susceptible to destination buffer overflow because it does not know the length of the destination buffer and therefore cannot check to make sure it does not overwrite it. You should consider using strncpy that takes a length parameter. strncpy is a security risk as well, although to a lesser degree.
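The following is an added example, not code from the AppScan Source documentation or Knowledgebase, illustrating the point made above: the unbounded strcpy() call that the finding flags, the strncpy() replacement the Knowledgebase suggests, and why strncpy() is still a lesser risk (it does not null-terminate when the source fills the whole destination). The buffer size, function names and sample inputs are constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed destination size for the demonstration. */
#define DEST_SIZE 8

/* The pattern the finding reports: strcpy() has no idea how large dest is,
 * so a source longer than DEST_SIZE - 1 characters writes past the end.
 * Kept as the "before" form; main() only passes it input that fits. */
void copy_unsafe(char *dest, const char *src) {
    strcpy(dest, src);
}

/* The replacement the Knowledgebase suggests. strncpy() stops after
 * dest_size bytes, so it cannot overflow, but when src has dest_size or
 * more characters no terminator is written, and a later read of dest as
 * a C string runs off the end. Returns 1 if dest is terminated, else 0. */
int copy_strncpy(char *dest, size_t dest_size, const char *src) {
    strncpy(dest, src, dest_size);
    return dest[dest_size - 1] == '\0';
}

/* Hardened form: copies at most dest_size - 1 bytes, always writes the
 * terminator, and reports truncation so the caller can treat it as an
 * error instead of silently losing data. Returns 1 if src fit, else 0. */
int copy_bounded(char *dest, size_t dest_size, const char *src) {
    if (dest_size == 0) return 0;
    size_t len = strlen(src);
    int fit = len < dest_size;
    size_t to_copy = fit ? len : dest_size - 1;
    memcpy(dest, src, to_copy);
    dest[to_copy] = '\0';
    return fit;
}

/* Helpers that run each variant against a DEST_SIZE buffer so the
 * outcome for a given input can be checked without managing buffers. */
int strncpy_terminates(const char *src) {
    char buf[DEST_SIZE];
    return copy_strncpy(buf, sizeof buf, src);
}

int bounded_fits(const char *src) {
    char buf[DEST_SIZE];
    return copy_bounded(buf, sizeof buf, src);
}

int main(void) {
    char buf[DEST_SIZE];
    const char *short_input = "abc";         /* constructed: fits */
    const char *long_input = "0123456789";   /* constructed: too long */

    copy_unsafe(buf, short_input); /* safe only because this input fits */
    printf("strcpy  short input         : \"%s\"\n", buf);

    printf("strncpy short input terminated: %d\n", strncpy_terminates(short_input));
    printf("strncpy long input terminated : %d\n", strncpy_terminates(long_input));

    int fit = copy_bounded(buf, sizeof buf, long_input);
    printf("bounded long input fit=%d   : \"%s\"\n", fit, buf);
    return 0;
}
```

The terminated/fit return values are what a code reviewer would check when triaging this finding: strncpy() removes the overflow but leaves an unterminated-string hazard for inputs of DEST_SIZE or more characters, while the bounded copy both terminates and signals truncation.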
To view the AppScan Source Security Knowledgebase:
Procedure
- In AppScan Source for Analysis, open the How to Fix view and then select a finding in the findings table. Remediation assistance for that particular finding displays. Alternately, select from the main menu bar to open the entire AppScan Source Security Knowledgebase in a browser.
- In AppScan Source for Development (Eclipse plug-in), open the How to Fix view and then select a finding in the findings table. Remediation assistance for that particular finding displays.
- In AppScan Source for Development (Visual Studio plug-in), select a finding in a findings table. Select from the main menu bar - or right-click the finding and select Knowledgebase Help from the menu. This opens the remediation assistance for the selected finding.