CWE support
CWE (Common Weakness Enumeration) is an industry standard list that provides common names for publicly known software weaknesses. This makes it easier to share data across separate databases and tools. (For more details see the CWE website at: http://cwe.mitre.org/)
AppScan advisories for vulnerabilities that have been assigned a CWE ID include the reference number, and a link to the description on the CWE website. Where specific vulnerabilities have their own CWE ID (in addition to the ID for the issue), this is shown in the Variant Details pane.
You can:
- View the CWE ID for an issue in the advisory for that issue (see How to Fix tab)
- View the CWE ID for a variant, and its parent issue, in the Variant Details tab (see Variant details)
- Click on the CWE ID to link to its description on the CWE website
- Include CWE IDs (as part of the advisory) in reports
- Search for a particular CWE by searching for its reference number in Test Policy view
For the version of the CWE database used in the current version of AppScan, refer to the Release Notes located in [AppScan Standard installation directory]\Docs. If a daily update changes the database used, the change will be listed in the Update Log (Help menu > Update Log).