Environment Definition

Environment Definition view of the Configuration dialog box.

Environment definition is not essential, but enables AppScan® to safely refrain from sending non-relevant tests during the scan, resulting in a faster and more accurate scan.

Note: Where relevant, some of the list boxes allow you to select more than one option by holding down the Ctrl key while selecting items.

| Metric | Comments |
| --- | --- |
| Operating System | Operating System of application being scanned. |
| Web Server | Select all applicable answers. |
| Application Server (if any) | Select all applicable answers. |
| Type of Database (if any) | Select all applicable answers. |
| Third-Party Component (if any) | Select all applicable answers. |
| Location of Site | |
| Type of Site | |
| Deployment Method | |
| Collateral Damage Potential | The potential for damage or theft if the application is vulnerable. |
| Target Distribution | The proportion of systems in the environment that are potential targets. |
| Availability Requirement | The relative importance of availability (of information). |
| Confidentiality Requirement | The relative importance of confidentiality (of user information). |
| Integrity Requirement | The relative importance of integrity (accuracy) of information. |

Note: The last five items are the Environmental CVSS metrics for the site. If you define the relative importance of these metrics in your application environment, AppScan will take these definitions into account when assigning severity values to vulnerabilities it finds during the scan.