Content-Based Results view

Define a logical structure for the application tree, if AppScan® will not be able to do this based on URL structure.

  • If your site content is structured in such a way that the URLs reflect a folder-like hierarchy, the scan results will automatically reflect this, making them easy to navigate.
  • If your site uses "breadcrumbs", or other "content-based" navigational methods, so that the URLs do not indicate the user's "location" within the site, it is recommended that you "teach" AppScan® how the site is "logically" structured, so it can present the scan results in an easily understood format, rather than long lists of results under one or two URLs. This is not essential, but will make it easier for you to navigate the results.

For example, the code snippet below has a logical structure Home | Buy | Books and it would be useful to structure the results so that "Books" appears under "Buy", and "Buy" under "Home".

<td class="navigation">
    <a href="http://www.onlineshop.com/">Home</a> &gt;
    <a href="http://hub.onlineshop.com/buy?ssPageName=h:h:cat:US">Buy</a> &gt;
    <b>Books<b>
</td>

To do this, you define the rules that will enable AppScan® to identify and extract the relevant content (in this case "Home", "Buy" and "Books") to construct a content-based tree.

Once you have defined the rules, you can select the Content-Based option in the Application Tree, to display the results using this information. (See Issues: Application tree.)

Note: The total number of security issues (shown at the top of the Result list) is a measure of the vulnerable locations in the site, and depends in part on how site is structured. If you define a content-based structure, the total number of issues in the application tree may not be the same as it is for the URL-based application tree (for the same results). When site structure is content-based (rather than URL-based), and content-based view is configured correctly, the issue count in content-based view represents more accurately the number of "vulnerable locations" that exist in the site. The total number of variants (at the top of the Result List in parentheses) is independent of site structure, and does not change between content-based and URL-based views.