Editing a Test Policy

The Test Policy view can be used to fine-tune your selected test policy.

About this task

You can fine-tune the current test policy by adding or deleting tests, and also export the changed configuration as a user-defined test policy for future use.

Procedure

  1. In the Scan Configuration dialog box, click Test Policy (or in Scan Configuration Wizard > Test Policy).

    The upper area lists all AppScan® tests and indicates which are included in the current scan (check box selected).

  2. Include/exclude tests or variants by selecting/deselecting the check box(es). (To view individual variants, click the + icon next to a Test Name.)
    Note: For each test, the following information is listed: Name, Variant ID, CVE ID, CWE ID, Severity assigned to the issue (and whether the severity is CVSS or user-assigned), Type, Invasiveness, WASC threat classification, and XFID (X-Force ID). You can sort tests by any of these fields by clicking the column header.
    Note: The Search facility lets you search for tests using free text search.
  3. In the Information field at the top right of the dialog, you can edit the description.
  4. New tests are continually being added to AppScan's database of tests. By default, all new tests except Invasive tests are added to all user-defined test policies. However, you can define which groups in your policy will be updated: Click Update Settings, select/deselect check boxes in the Test Policy Update Settings dialog box as required, then click OK.


    The dialog box contains three groups: Test Type, Test Invasiveness, and Test Severity. When new tests are added to your AppScan database of tests, only those that belong to a selected category in all three groups are added to the current policy. For example, if you select High Severity but deselect Invasive, tests that are both high severity and invasive will not be added to this policy when updates become available.

  5. You can optionally give the scan a name and save it for future use (click Export, and save in .policy format).
  6. Click OK to save the changes to the current Test Policy.