Extending the AppScan® Source Security Knowledgebase
This section describes how to customize the database and integrate customized vulnerabilities and other routines into scans. Custom rules tailor the AppScan® Source Security Knowledgebase (or vulnerability database) to your specific security standards and apply those standards consistently across your enterprise.
Often it becomes important to specify your own validation and encoding routines - or to define certain application programming interfaces (API) as vulnerabilities, sinks and sources, taint propagators, or informational items. When you create these rules, you customize and extend the AppScan® Source vulnerability database, an integral part of theAppScan® Source Security Knowledgebase. Once you add a custom rule to the database, AppScan® Source for Analysis identifies it during a scan. Calls to the custom API are revealed as security findings or scan coverage findings - and then the findings are reported.
For example, an analyst might add an API named readBuffer(
)
, which is a BufferOverflow
type. Subsequent
scans then refer to this new API when AppScan® Source for
Analysis finds
a vulnerability that meets its specification. For more details about
vulnerability types, see the AppScan® Source Security Knowledgebase (select in the main workbench menu).
When you add custom validation and encoding routines, AppScan® Source for Analysis no longer treats data passed into and out of those routines as vulnerable. By adding a custom routine to the Knowledgebase, AppScan® Source for Analysis determines whether data flows from a source of a tainted input to an output without validation or encoding.
Knowledgebase Management
permissions
to make changes to the AppScan® Source Security Knowledgebase.