Environment Definition view

Environment Definition view of the Configuration dialog box.

Environment definition is not essential, but enables AppScan® to safely refrain from sending non-relevant tests during the scan, resulting in a faster and more accurate scan.

Note: Where relevant, some of the list boxes allow you to select more than one option by pressing the Ctrl key when selecting items in a list.

Metric

Comments

Operating System

Operating System of application being scanned.

Web Server

Select all applicable answers. To select more than one option use [Ctrl] + Click.

Application Server (if any)

Select all applicable answers. To select more than one option use [Ctrl] + Click.

Type of Database (if any)

Select all applicable answers. To select more than one option use [Ctrl] + Click.

Third-Party Component (if any)

Select all applicable answers. To select more than one option use [Ctrl] + Click.

Location of Site

Whether the site is remote or local.

Type of Site

Whether it is a test site or a live production site.

Deployment Method

Whether the site is deployed internally (private site), or externally (on the Internet).

Collateral Damage Potential

The potential for damage or theft if the application is vulnerable.

Target Distribution

The proportion of systems in the environment that are potential targets.

Availability Requirement

The relative importance of availability (of information).

Confidentiality Requirement

The relative importance of confidentiality (of user information).

Integrity Requirement

The relative importance of integrity (accuracy) of information.

Note: The last five items are the Environmental CVSS metrics for the site, based on CVSSv2. If you define the relative importance of these metrics in your application environment, AppScan® will take these definitions into account when assigning severity values to vulnerabilities it finds during the scan. These definitions are global. (You can adjust the Environmental Metrics for a specific issue from the Detail Pane > Severity > Open CVSS Panel, see CVSS settings.)