Security reports
The Security report provides information about security issues discovered, and you can choose from a variety of templates depending on the type of content you need.
About this task
You can create a security report that covers the whole scan, or one that covers only a particular URL or folder in the application tree.
Each report template is a set of content topics that are relevant to different audiences within your organization. The topics contain scan results from each of the views (Security Issues, Remediation Tasks, Application Data), formatted for easy printing, readability, and rapid comprehension of what the results mean, why they are relevant, and how to fix them.
Security Report Options
The following table summarizes the options in the Security Reports dialog box.
Option | Description |
---|---|
Template | Select one of several templates for the report, or define your own by selecting/clearing check boxes in the right-hand pane, as described in the Security Report Sections table. |
Min. Severity | Select the lowest level of severity for issues to be included in the report. |
Test Type | Select which types of test results to include in the report: All, Application, Infrastructure, or Third-Party Web Component tests. |
Group by | Select whether to group issues by type or URL. |
Limit number of variants per issue | You can reduce the length of the report by limiting the number of variants listed per issue if this level of detail is unlikely to be useful to the recipient of the report. |
After selecting any template as a basis, you can customize the individual report structure by selecting/deselecting the fields of information to be included. If you do this, the template name changes to "Custom template".
Security Report Sections
Report Section | Description |
---|---|
Introduction | A short section that provides some general information about the scan, including such details as overall number of issues found (High, Medium, Low and Informational), and login settings. This section is included in all reports. |
Summary | A series of tables summarizing the following information about the scan, or the part of the scan included in the report: |
Security Issues | Issues found in your application: |
Advisories and Fix Recommendations | Technical explanations of the issues found and recommendations for fixing them. Note: To include fix recommendations specific to .NET, Java EE and PHP environments, go to Tools > Options > Preferences and select the required options. |
Remediation Tasks | Suggested tasks for improving site security based on the issues found. One task may solve more than one issue. |
Application Data | List of data that AppScan found in your web application: Application URLs, Script Parameters, Broken Links, Comments, JavaScripts, Cookies, and Filtered URLs. |
Procedure
- Select the scan content on which to base the report:
  - To create a report for the whole scan, click Tools > Report > Security Report.
  - To create a report for a particular URL or folder that was included in the scan, right-click on the node in the application tree, and then select Report for this node > Security.
- Select the relevant template, or define your own report content by selecting/clearing check boxes in the right pane.
- Select the options required.
- To save the configuration for future use, click Save template and give the template a unique name.
- To customize the layout of the report, click the Customize report layout link. See Customizing the report layout for details.
- Click Create and then select the output format required: PDF, HTML, TXT, RTF, or XML.
- Click Save.
  AppScan displays a status bar to show the progress of report creation.
- Click Open report to view the report.
  The report opens in a new tab for viewing.