Home
Reference
Review reference information for the product.
Triage with reports
Reports are automatically generated after a job has run. They provide a way of managing issues so that you can helps you manage issues that are important to your organization and do so in a way that is supported both by the Enterprise Console's workflow and the workflows of other processes within your organization.
Organizing report and dashboard results for analysis
A tremendous amount of powerful data is delivered through the reports. But not every organization wants to review their data in exactly the same way as everybody else. Flexible viewing mechanisms help you organize how you review your issues in whatever way makes the most sense to you.
Reports
Security Reports
Learn more about Security Reports.
Code Analysis Security Issues report
This report displays the security issues imported from AppScan® Developer Edition.

Reference
Review reference information for the product.
- Configuring Wizard topics
  Learn about configuring wizard topics.
- Folder Explorer topics
  Learn about folder explorer topics.
- Triage with reports
  Reports are automatically generated after a job has run. They provide a way of managing issues so that you can helps you manage issues that are important to your organization and do so in a way that is supported both by the Enterprise Console's workflow and the workflows of other processes within your organization.
  - Summarizing issues in report packs
    A report pack is a bundle of reports that summarizes the issues discovered within its reports and provides a window into those reports. The reports themselves contain the details of the issues found on your website or application.
  - Organizing report and dashboard results for analysis
    A tremendous amount of powerful data is delivered through the reports. But not every organization wants to review their data in exactly the same way as everybody else. Flexible viewing mechanisms help you organize how you review your issues in whatever way makes the most sense to you.
    - Grouping report data
      Grouping report results by different data sets (such as page, or context or IP address) helps make the report data more relevant to your analysis needs.
    - Searching report data
      You can search for specific issues or information within each report's results. For example, you might want to find all the issues within a certain directory of the Page URL. Or you might want to track a particular issue throughout your remediation process; enter the Issue ID in the Search tab to locate it within the relevant report.
    - Identifying pages with identical URLs in reports
      When your report contains a list of identical URLs, it is likely because your site uses static URLs. In these cases, the page content can be determined through the use of either POST data or cookie information.
    - Managing issues in a report
      All issues are classified as open by default. You can see an issue classification by grouping by Issue Status.
    - Exporting data for offline analysis
      Exporting report data is useful if you have team members that do not directly access the Enterprise Console; you can export the report data to an XML file, Excel spreadsheet, pdf or CSV file for them to use.
    - Correlating static analysis data with dynamic analysis data
      Import data from AppScan® Source to correlate its findings with an existing dynamic analysis security scan (AppScan Enterprise Server content scan job or an AppScan Standard import job).
    - Reports
      - Security Reports
        Learn more about Security Reports.
        Code Analysis Security Issues report
        This report displays the security issues imported from AppScan® Developer Edition.
        Control Inventory report
        This report displays an inventory of form controls found during a content scan to help you determine where privacy choices are being offered (opt-in or opt-out). A form control is a component of a form such as a data collection field.
        Cookie Inventory report
        This report provides information about the content and security of each cookie that is found on a website: a list of pages where the cookie is set, the particular PageComponent that sets the cookie, whether it is a third-party cookie, the domain the data is returned to, the level of security on the cookie, and if the cookie contains a compact policy. The information in this report helps you evaluate if cookie use is in accordance with your privacy policy.
        Correlated Security Issues report
        This report displays the correlated issues between the static analysis issue data imported from AppScan® Source and the dynamic analysis issues discovered by AppScan Enterprise, AppScan Standard, or AppScan Developer.
        Correlated Security Issues (AppScan® DE) report
        This report displays the correlated issues between the code analysis issue data imported from AppScan® Developer and the dynamic analysis issues discovered by AppScan Enterprise, AppScan Standard, or AppScan Developer.
        Form Inventory report
        This report provides an inventory of the pages that contain forms and the type of submission method the form uses.
        Pages Collecting PII report
        This report lists all the pages on your site that are collecting Personally Identifiable Information (PII).
        Pages Collecting PII with Forms Using GET report
        This report provides information about the pages on your website that contain forms using the GET submission method to collect visitor information. For those pages that contain information that needs to be protected, change the submission method to use the POST method.
        Pages Collecting PII without a Privacy Statement Link report
        This report displays the pages collecting PII with forms but that do not have a privacy statement link. Use this list to determine if a website visitor might think the data collected by the form is personal. For those pages that do collect personal information, provide a link to a privacy statement on the page that is requesting the information.
        Pages Collecting PII without Security report
        This report displays the pages collecting PII without security that contain forms.
        Remediation Tasks report
        This report provides solutions designed to address correlated security issues (dynamic and static analysis) that were detected on your site. Remediation tasks are consolidated by the type of remediation that can be performed to address issues.
        Security Issues report
        This report lists all the application and infrastructure security issues found on your website, correlated from static and dynamic analysis.
        Security Risk Assessment report
        This report presents the same correlated security issues (dynamic and static analysis) as found in the Remediation Tasks report, but ordered and presented as risks or "worst case scenarios". This report takes advantage of an evaluation of issue severity, by an escalating scale, to determine how compromised the web property is.
        Static Analysis Quality Issues report
        This report displays the static analysis data for quality issues imported from AppScan® Source.
        Static Analysis Security Issues report
        This report displays the static analysis data imported from AppScan® Source.
      - Inventory Reports
        Learn more about Inventory Reports.
    - Track progress with executive dashboards
      Use the dashboard to track and consolidate the severity metrics and trends of your web applications or website over time. You can combine data from different business areas (such as sales, marketing, or products), specific issue types, or developers so you can see a complete picture of your web properties or applications. Security analysts or web managers can use this high-level view to quickly study interactive reports about the issues.
- Configuration Manager

Code Analysis Security Issues report

This report displays the security issues imported from AppScan® Developer Edition.

Why it matters

White box analysis allows you to check source code for security vulnerabilities in the form of malicious attacks or regular software failures. Early detection and resolution of web application vulnerabilities decreases the risk of attack and saves valuable time and resources. It is good practice to perform white box testing during the unit testing phase.