Customizing input/output tracing through AppScan® Source trace
Some applications (particularly web applications) require input/output tracing to identify security vulnerabilities related to SQL injection, command injection, and cross-site scripting. Through AppScan® Source trace, you can specify a validation routine that, if used, eliminates the reporting of any vulnerability. All other outputs are marked as vulnerabilities if input has not been validated.
User-defined validation routines are routines that process input data and make it safe to pass to output routines. If a validation routine processes input data before passing it to an output routine, no input validation vulnerability exists. Developers may specify their own input validation and encoding routines to work with tracing.
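The reporting rule described above, modeled as a minimal taint trace. This is an added illustration, not AppScan Source code or its API: the routine names (`request.getParameter`, `MyEncoder.encodeHtml`, and so on) and the call sequence are constructed assumptions.

```python
# Added illustration: a toy input/output trace over a constructed call list.
# All routine names are hypothetical; none of this is AppScan Source code.
SOURCES = {"request.getParameter"}                              # input routines
SINKS = {"response.write", "db.executeQuery", "runtime.exec"}   # output routines


def trace(calls, validators=frozenset()):
    """Return (sink, tainted_arg, line) findings for a straight-line call list.

    Each call is (result_var, routine, [arg_vars]). A routine listed in
    `validators` is trusted to return safe data; any other routine passes
    taint from its arguments to its result.
    """
    tainted = set()
    findings = []
    for line, (result, routine, args) in enumerate(calls, start=1):
        dirty = [a for a in args if a in tainted]
        if routine in SINKS:
            # Unvalidated input reached an output routine: report it.
            findings.extend((routine, a, line) for a in dirty)
        if routine in SOURCES:
            result_tainted = True
        elif routine in validators:
            result_tainted = False
        else:
            result_tainted = bool(dirty)
        if result is not None:
            if result_tainted:
                tainted.add(result)
            else:
                tainted.discard(result)
    return findings


# Constructed sample program: one input reaching three outputs.
CALLS = [
    ("name", "request.getParameter", []),
    ("safe", "MyEncoder.encodeHtml", ["name"]),   # user-defined routine
    (None, "response.write", ["safe"]),
    ("greeting", "String.concat", ["name"]),
    (None, "response.write", ["greeting"]),
    ("query", "String.concat", ["name"]),
    (None, "db.executeQuery", ["query"]),
]

if __name__ == "__main__":
    print("no validators declared:", trace(CALLS))
    print("encodeHtml declared:   ", trace(CALLS, {"MyEncoder.encodeHtml"}))
```

Declaring `MyEncoder.encodeHtml` as a validation routine removes only the finding for the flow that passes through it; the two flows that skip it are still reported. The trace trusts the declaration, so a routine should be declared only if it actually makes data safe for the outputs it feeds.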