Application attributes

Application attributes are the properties of the application, and appear as column headers in the Applications view.

You can:
  • Filter the application list by attributes, to focus on what you want to investigate
  • Edit many attributes of an application.
The table below describes the attributes that you can edit (Date created and Last updated are controlled by ASoC and cannot be edited).
Attribute Description
Name Use a unique name.
Business impact Indicates how critical this application is to your business. User controlled.
Business unit Business units are optional, but can be a useful way of grouping your applications according to your organizational structure, for example: "Marketing", "R&D", "Sales", "Support" and so on. Knowing the business unit can help you to identify areas of concern.
  • An administrator can create and manage business units (including merging two business units into one) in the Settings page.
  • An application manager can select the appropriate business unit when creating a new application or editing the application details.
  • Any user can filter the applications displayed in the dashboard by business unit.
Note that an application can belong to only one business unit.

To change the business unit of an application, click Manage > Edit application.

Only administrators can create and manage business units, in Organization > Settings.

Asset group Identifies the asset group the app belongs to. Administrators can restrict access to specific applications by assigning them to an asset group and limiting the users who belong in the group.
Testing status Indicate Not Started, In Progress, or Completed in this field. This attribute appears as a summary chart and can also be filtered in the application grid.
  • When you create a scan, Testing Status for the application changes to "In progress".
  • When you Reset an application (UI: Edit > Reset > Delete all… | API: Apps/Reset/Delete Issues), the application's Testing Status changes to "Not started".
Risk rating This indicates the aggregated business risk for this application. It is based on two factors: the highest Severity level of the Open Issues in the application, and the Business Impact as defined by the user. There are four levels: Low, Medium, High, Critical. If there are no open issues, or if Business Impact is Unspecified, Risk Rating will show as Unknown.
Critical/High/Medium/Low issues The total number of issues with this severity in the application. These numbers are updated whenever issues are managed or a scan is run.
Issues in progress The aggregated numbers of issues that are currently being fixed for each application (that is, Status = In progress). These numbers are updated whenever the issue status is updated.
Description Further identifies the application for other users to understand its significance.
Last updated This field is only updated when a user updates a value for an application attribute. The following events do not trigger the field to update:
  • a scan is run
  • issues are imported
  • issues are triaged
  • formulas are changed
New/Open/Fixed/Total issues
  • New Issues: The number of issues with issue status = New.
  • Open Issues: The number of issues that have an issue status of "New", "Open", "Reopened", "In Progress" with a severity of "Low" or higher.
  • Fixed Issues: The number of issues that have an issue status of "Fixed" with a severity of "Low" or higher.
  • Total Issues: The sum of Open Issues and Fixed Issues.
Type Use this attribute to indicate whether this application is run or viewed on the web, mobile, or desktop. You might also indicate All if the application can be viewed on all types of devices.
URL The unique URL of the web application.
Hosts The IP address or server name where the application is hosted. If necessary, enter multiple values, and separate them by commas.
Business owner Indicates who owns responsibility overall for the successful implementation and delivery of the application.
Development contact Indicates the developer or the team lead responsible for this application.
Tester Indicates the focal point for security testing of this application.
Collateral damage potential The potential for damage or theft if the application is vulnerable. (CVSS Environmental metric)
Target distribution The proportion of systems in the environment that are potential targets. (CVSS Environmental metric)
Availability requirement The relative importance of availability of information. (CVSS Environmental metric)
Confidentiality requirement The relative importance of confidentiality of user information. (CVSS Environmental metric)
Integrity requirement The relative importance of integrity, or accuracy, of information. (CVSS Environmental metric)
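
The counting rules in the New/Open/Fixed/Total issues row and the two Unknown cases in the Risk rating row can be checked against an exported issue list. The following is an added example, not ASoC code: the record fields (`status`, `severity`), the sample issues, the name "Informational" for the severity below Low, and the reading of "open issues" in the Risk rating row as the Open Issues counter are all assumptions.

```python
# Added example. The record fields ("status", "severity"), the sample data and
# the name "Informational" for the level below Low are assumptions.
SEVERITY_RANK = {"informational": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}
OPEN_STATUSES = {"new", "open", "reopened", "in progress"}


def _status(issue):
    # The page writes both "In Progress" and "In progress"; compare case-insensitively.
    return issue["status"].strip().casefold()


def _low_or_higher(issue):
    return SEVERITY_RANK[issue["severity"].strip().casefold()] >= SEVERITY_RANK["low"]


def _is_open(issue):
    return _status(issue) in OPEN_STATUSES and _low_or_higher(issue)


def issue_counters(issues):
    """New/Open/Fixed/Total exactly as the table words them."""
    new = sum(1 for i in issues if _status(i) == "new")  # no severity floor stated
    open_ = sum(1 for i in issues if _is_open(i))
    fixed = sum(1 for i in issues if _status(i) == "fixed" and _low_or_higher(i))
    return {"new": new, "open": open_, "fixed": fixed, "total": open_ + fixed}


def highest_open_severity(issues):
    """Highest severity among open issues, or None when nothing is open."""
    open_issues = [i for i in issues if _is_open(i)]
    if not open_issues:
        return None
    top = max(open_issues, key=lambda i: SEVERITY_RANK[i["severity"].strip().casefold()])
    return top["severity"].strip().capitalize()


def risk_rating_is_unknown(issues, business_impact):
    """True in the two cases where the page says Risk rating shows Unknown."""
    return highest_open_severity(issues) is None or business_impact == "Unspecified"


# Constructed sample: nine issues for one application.
SAMPLE = [{"status": s, "severity": v} for s, v in [
    ("New", "High"), ("Open", "Medium"), ("In progress", "Critical"),
    ("Reopened", "Low"), ("New", "Informational"), ("Fixed", "High"),
    ("Fixed", "Informational"), ("Noise", "High"), ("Passed", "Medium")]]

if __name__ == "__main__":
    print(issue_counters(SAMPLE), highest_open_severity(SAMPLE))
```

Read literally, the table puts no severity floor on New Issues, so a New issue below Low is counted there but not under Open Issues or Total Issues.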