Content-based view

Lets you define a logical structure for the application tree, for cases where a URL-based tree will just be a long list under one or two URLs. This is not essential, but can make it much easier to navigate results.

The default application tree is URL-based, and in most cases it is a logical, hierarchical structure that is useful for navigating and reviewing the results. For single-entry-point applications such as MVC, where many pages have the same URL, rules for a content-based application tree can be defined here, based on internal navigational methods instead of URLs.
  • If your site content is structured in such a way that the URLs reflect a folder-like hierarchy, the URL-based application tree will automatically reflect this, making the results easy to navigate.
  • If your site uses "breadcrumbs", or other "content-based" navigational methods, so that the URLs do not indicate the user's "location" within the site, it is recommended that you "teach" AppScan® how the site is "logically" structured, so it can present the scan results in an easily understood format, rather than long lists of results under one or two URLs. This is not essential, but will make it easier for you to navigate the results.

For example, the code snippet below has a logical structure Home | Buy | Books and it would be useful to structure the results so that "Books" appears under "Buy", and "Buy" under "Home".

<td class="navigation">
    <a href="http://www.onlineshop.com/">Home</a> &gt;
    <a href="http://hub.onlineshop.com/buy?ssPageName=h:h:cat:US">Buy</a> &gt;
    <b>Books</b>
</td>

To do this, you define the rules that will enable AppScan® to identify and extract the relevant content (in this case "Home", "Buy" and "Books") to construct a content-based tree.
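As an added illustration of the idea (this is not AppScan's rule syntax or code from the product), the sketch below pulls the breadcrumb labels out of a navigation cell like the one above and groups pages into a tree by those labels instead of by URL. The `nav` helper, the `/app` URL and the issue counts are constructed sample data.

```python
from html.parser import HTMLParser

class BreadcrumbParser(HTMLParser):
    """Collect link/bold text inside <td class="navigation"> as a breadcrumb trail."""
    def __init__(self):
        super().__init__()
        self.in_nav = False
        self.in_item = False
        self.trail = []

    def handle_starttag(self, tag, attrs):
        if tag == "td" and dict(attrs).get("class") == "navigation":
            self.in_nav = True
        elif self.in_nav and tag in ("a", "b"):
            self.in_item = True
            self.trail.append("")

    def handle_endtag(self, tag):
        if tag == "td":
            self.in_nav = False
        elif tag in ("a", "b"):
            self.in_item = False

    def handle_data(self, data):
        if self.in_nav and self.in_item:
            self.trail[-1] += data.strip()

def breadcrumb(html):
    parser = BreadcrumbParser()
    parser.feed(html)
    parser.close()
    return [label for label in parser.trail if label]  # drop empty items

def build_tree(pages):
    """pages: (html, issue_count) pairs; returns a tree keyed by breadcrumb label."""
    root = {"issues": 0, "children": {}}
    for html, issues in pages:
        node = root
        for label in breadcrumb(html):
            node = node["children"].setdefault(label, {"issues": 0, "children": {}})
        node["issues"] += issues
    return root

# Constructed sample: three responses from one entry-point URL, told apart only by breadcrumb.
def nav(*labels):
    links = " &gt; ".join(f'<a href="/app">{l}</a>' for l in labels[:-1])
    return f'<td class="navigation">{links} &gt; <b>{labels[-1]}</b></td>'

PAGES = [(nav("Home", "Buy", "Books"), 2), (nav("Home", "Buy", "Music"), 1), (nav("Home", "Sell"), 3)]
TREE = build_tree(PAGES)
```

In a URL-based tree all three sample pages would sit under the single `/app` node; here "Books" and "Music" land under "Buy", and "Buy" and "Sell" under "Home".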

Once you have defined the rules, you can select the Content-Based option in the Application Tree, to display the results using this information. (See Issues: Application tree.)

Note: The total number of security issues (shown at the top of the Result list) is a measure of the vulnerable locations in the site, and depends in part on how the site is structured. If you define a content-based structure, the total number of issues in the application tree may not be the same as it is for the URL-based application tree (for the same results). When site structure is content-based (rather than URL-based), and content-based view is configured correctly, the issue count in content-based view represents more accurately the number of "vulnerable locations" that exist in the site. The total number of variants (at the top of the Result List in parentheses) is independent of site structure, and does not change between content-based and URL-based views.