Editing a test policy

The Test Policy view can be used to fine-tune your selected test policy.

About this task

You can fine-tune the current test policy by adding or deleting tests, and also export the changed configuration as a user-defined test policy for future use.

Procedure

  1. In Configuration > Test policy and optimization, select or Browse to the policy.

    The policy name appears in the drop-down field.

  2. Click Manage test policy.
  3. Include/exclude tests or variants by selecting/deselecting the check box(es). (To view individual variants, click the > icon next to a Test Name.)
    Note: For each test, the following information is listed: Name, Variant ID, CVE ID, CWE ID, Severity assigned to the issue (and whether the severity is CVSS or user-assigned), Type, Invasiveness, WASC threat classification, and XFID (X-Force ID). You can sort tests by any of these fields by clicking the column header.
    Note: The Search facility lets you search for tests using free text search.
  4. New tests are continually being added to AppScan's database of tests. By default, all new tests except Invasive tests are added to all user-defined test policies. However, you can define which groups in your policy will be updated: On the vertical three-dot menu, click Update Settings, then select/deselect check boxes in the Policy update settings.

    The dialog box contains three groups: Test Type, Test Invasiveness, and Test Severity. When new tests are added to your AppScan® database of tests, only the tests that belong to a selected category in all three groups are added to the current policy. For example: If you select High Severity but deselect Invasive, tests that are both high severity and invasive will not be added to this policy when updates become available.

  5. Optional: Name the modified test policy and save it for future use (click Export, and save in .policy format).
  6. Optional: To view all the tests per version of AppScan Standard, you can export the entire list of tests (only tests, not the variants) to a CSV file, regardless of whether the tests are enabled. On the vertical three-dot menu, click Export all tests to CSV.
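
The following added example (not part of the product or its documentation) combines steps 4 and 6: it compares two "Export all tests to CSV" files from different versions, finds the new tests, and applies the all-three-groups rule from the Policy update settings to show which new tests would be added to a policy and which group excludes the rest. The CSV column names, test names, category values and the `UPDATE_SETTINGS` structure are constructed assumptions; adjust them to match your actual export.

```python
import csv
import io

# Constructed sample exports; column names are assumptions, not the real CSV header.
OLD_EXPORT = """Name,Type,Invasiveness,Severity
SQL Injection,Application,Non-invasive,High
Directory Listing,Infrastructure,Non-invasive,Low
"""
NEW_EXPORT = """Name,Type,Invasiveness,Severity
SQL Injection,Application,Non-invasive,High
Directory Listing,Infrastructure,Non-invasive,Low
Sample Deserialization Check,Application,Non-invasive,High
Sample Buffer Overflow Probe,Infrastructure,Invasive,High
Sample Banner Disclosure,Infrastructure,Non-invasive,Informational
"""

# Hypothetical model of the Policy update settings: selected boxes per group.
UPDATE_SETTINGS = {
    "Type": {"Application", "Infrastructure"},
    "Invasiveness": {"Non-invasive"},  # Invasive deselected
    "Severity": {"High", "Medium"},    # Low and Informational deselected
}

def load_tests(text):
    """Index the rows of one CSV export by test name."""
    return {row["Name"]: row for row in csv.DictReader(io.StringIO(text))}

def new_tests(old_text, new_text):
    """Tests present in the newer export but not in the older one."""
    old, new = load_tests(old_text), load_tests(new_text)
    return [new[name] for name in new if name not in old]

def blocking_groups(test, settings):
    """Groups whose selection excludes this test; empty means it is added."""
    return [group for group, selected in settings.items()
            if test[group] not in selected]

def classify_update(old_text, new_text, settings):
    """Split new tests into those added to the policy and those skipped."""
    added, skipped = [], {}
    for test in new_tests(old_text, new_text):
        blocked = blocking_groups(test, settings)
        if blocked:
            skipped[test["Name"]] = blocked
        else:
            added.append(test["Name"])
    return added, skipped

if __name__ == "__main__":
    added, skipped = classify_update(OLD_EXPORT, NEW_EXPORT, UPDATE_SETTINGS)
    print("added to policy:", added)
    for name, groups in skipped.items():
        print(f"skipped: {name} (excluded by {', '.join(groups)})")
```

Reviewing the skipped list after each update shows where the policy's coverage lags behind the test database, such as high-severity tests left out only because they are invasive.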