Firebird database structure
When scan results are exported into a Firebird database structure, they can be viewed using one of many ODBC and JDBC database viewers. The structure of the relevant database components is illustrated in the figure below, and described in the following sub-sections.
Directory
The Directory section of the database contains a line for each directory or sub-directory from the scan.
| Field Name | Explanation/Comments |
|---|---|
| ID | AppScan ID for the directory |
| NAME | Directory name |
| PARENTID | Directory in which this directory is contained (if this is a sub-directory) |
| PATH | Directory path |
| DIRTYPE | Directory type: Host/Application |
Files
The Files section of the database contains a line for each file.
| Field Name | Explanation/Comments |
|---|---|
| ID | AppScan ID for the file |
| FILENAME | Filename |
| PARENTID | ID of the directory that contains this file |
Comments
The Comments section contains a line for each HTML comment found in the site pages.
| Field Name | Explanation/Comments |
|---|---|
| ENGINEID | AppScan ID for the comment |
| FILEID | ID of file where comment was found |
| SHORTTEXT | Text of comment (may be truncated) |
Cookies
The Cookies section contains a line for each cookie found.
| Field Name | Explanation/Comment |
|---|---|
| ID | AppScan ID for the cookie |
| REQCOOKIEID | AppScan Internal |
| RESPCOOKIEID | AppScan Internal |
| NAME | Name of cookie file |
| COOKIEVALUE | Value of cookie |
| SETINURL | Source URL for the cookie |
| FILEID | AppScan ID of the file where the cookie is saved |
| PATH | Path attribute of cookie |
| COOKIEDOMAIN | Domain attribute of cookie |
| EXPIRES | Date cookie expires |
| SECURE | Secure attribute of cookie |
Issue types
The Issue Types section contains a line for each issue found.
| Field Name | Explanation/Comment |
|---|---|
| ENGINEID | AppScan ID for this issue |
| NAME | Issue name as it appears in the GUI |
| INVASIVE | Whether issue is invasive: Y/N |
| SEVERITY | Severity code of this issue as shown in the AppScan GUI: 4 = All, 3 = High, 2 = Medium, 1 = Low, 0 = Informational |
| THREATCLASS | Threat classification as it appears in the GUI |
| THREATCLASSREFERENCE | URL to Internet reference on this classification (if relevant) |
| REMEDIATIONTYPEID | AppScan ID for the Remediation Type |
| ADVISORYID | AppScan Internal |
| ENTITYTYPE | AppScan Internal |
| INFRASTRUCTURE | AppScan Internal |
Javascript
The Javascript section contains a line for each Javascript found in the site pages.
| Field Name | Explanation/Comments |
|---|---|
| ENGINEID | AppScan ID for the Javascript |
| FILEID | ID of file where Javascript was found |
| SHORTTEXT | Text of Javascript (may be truncated) |
Remediation types
The Remediation section contains a line for each Remediation.
| Field Name | Explanation/Comments |
|---|---|
| ENGINEID | AppScan ID for the remediation type |
| NAME | Name of the remediation type as it appears in the GUI |
| REMEDIATIONPRIORIY | Remediation priority code (1=highest) |
Requests
The Requests section contains a line for each test request sent.
| Field Name | Explanation/Comments |
|---|---|
| ENGINEID | AppScan ID for the test request |
| FILEID | AppScan ID of the file to which the request was sent |
| URL | URL of the request |
| QUERY | Parameters sent in the request |
| STATUS | AppScan Internal |
| REASONID | AppScan Internal |
| XMLTYPE | AppScan Internal |
| LOGINTYPE | AppScan Internal |
Script parameters
This section contains a line for each parameter that was sent in a test request.
| Field Name | Explanation/Comments |
|---|---|
| ENGINEID | AppScan ID for the parameter |
| FILEID | ID of file where parameter was sent |
| NAME | Actual parameter that was sent |
| PARAMETERTYPE | Parameter type: Get/Post |
Variants
The Variants section contains a line for each variant.
| Field Name | Explanation/Comments |
|---|---|
| ENGINEID | AppScan ID for the variant. |
| ENTITYNAME | Name of the cookie to which the variant was sent (if applicable) |
| FILEID | ID of file to which variant was sent |
| ISSUETYPE | Issue type name as it appears in the GUI |
| REMEDIATIONTYPE | AppScan Internal |
| SEQUENCEINDEX | AppScan Internal |
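
The field descriptions above imply how the sections link together, and a triage query can follow those links to rank tested files by the severity of the issues raised against them. This is an added example, not code from the product documentation: it uses an in-memory SQLite database as a stand-in for the Firebird export, the table names (DIRECTORY, FILES, ISSUETYPES, VARIANTS) are assumptions, matching on the GUI issue name is inferred from the field descriptions, and all rows are constructed sample data.

```python
import sqlite3

# Table names are assumptions; column names are the ones documented above.
SCHEMA = """
CREATE TABLE DIRECTORY (ID INTEGER, NAME TEXT, PARENTID INTEGER, PATH TEXT, DIRTYPE TEXT);
CREATE TABLE FILES (ID INTEGER, FILENAME TEXT, PARENTID INTEGER);
CREATE TABLE ISSUETYPES (ENGINEID INTEGER, NAME TEXT, SEVERITY INTEGER);
CREATE TABLE VARIANTS (ENGINEID INTEGER, ENTITYNAME TEXT, FILEID INTEGER, ISSUETYPE TEXT);
"""

# Constructed sample rows, not real scan output.
ROWS = {
    "DIRECTORY": [(1, "demo.example", None, "/", "Host"),
                  (2, "shop", 1, "/shop/", "Application")],
    "FILES": [(10, "login.jsp", 2), (11, "cart.jsp", 2), (12, "index.html", 1)],
    "ISSUETYPES": [(100, "SQL Injection", 3), (101, "Cross-Site Scripting", 3),
                   (102, "Verbose Error Message", 1)],
    "VARIANTS": [(1000, None, 10, "SQL Injection"),
                 (1001, None, 10, "SQL Injection"),
                 (1002, "SESSIONID", 11, "Cross-Site Scripting"),
                 (1003, None, 12, "Verbose Error Message"),
                 (1004, None, 10, "Verbose Error Message")],
}

# VARIANTS.FILEID -> FILES.ID, FILES.PARENTID -> DIRECTORY.ID,
# VARIANTS.ISSUETYPE -> ISSUETYPES.NAME (both hold the GUI issue name).
TRIAGE_SQL = """
SELECT d.PATH, f.FILENAME, i.NAME, i.SEVERITY, COUNT(*)
FROM VARIANTS v
JOIN FILES f ON f.ID = v.FILEID
JOIN DIRECTORY d ON d.ID = f.PARENTID
JOIN ISSUETYPES i ON i.NAME = v.ISSUETYPE
GROUP BY d.PATH, f.FILENAME, i.NAME, i.SEVERITY
ORDER BY i.SEVERITY DESC, COUNT(*) DESC, d.PATH, f.FILENAME
"""

def load_sample():
    """Build the in-memory stand-in database and fill it with the sample rows."""
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    for table, rows in ROWS.items():
        marks = ",".join("?" * len(rows[0]))
        con.executemany(f"INSERT INTO {table} VALUES ({marks})", rows)
    return con

def triage(con):
    """Return (path, filename, issue, severity, variant count), worst first."""
    return con.execute(TRIAGE_SQL).fetchall()
```

Against a real export, run the same SELECT through the ODBC or JDBC viewer after substituting the table names the database actually uses.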