Home
Managing application risk
Follow this workflow to manage application security risks in your organization.
Step 2: Testing applications for vulnerabilities
Learn how to test vulnerabilities identified in an application.
Importing issues from third-party scanners
Learn how to import issues from 3rd-party scanners.
Creating third-party scanners
AppScan Enterprise offers several ways to import issues into the portfolio for triaging.
Creating a scanner profile for importing a CSV file
The scanner profile is used to import security issues (in a CSV file) that are discovered by third-party sources, such as WhiteHat Sentinel, or manual pen testing. Edit issue attributes for each scanner profile so that you can then map the issue attribute names of a third-party source to the issue attribute names that AppScan® Enterprise uses.

Managing application risk
Follow this workflow to manage application security risks in your organization.
- Step 1: Creating an application inventory
  Learn how to create an application inventory.
- Step 2: Testing applications for vulnerabilities
  Learn how to test vulnerabilities identified in an application.
  - Importing issues from third-party scanners
    Learn how to import issues from 3rd-party scanners.
    - Issue attributes
      This table describes a few of the predefined issue attributes in AppScan Enterprise.
    - Creating an issue profile template
      If you are a Product Administrator, you can create customized attributes for the issue profile template. These customized attributes are used whenever a new issue is imported.
    - Creating third-party scanners
      AppScan Enterprise offers several ways to import issues into the portfolio for triaging.
      - Build automation use case
        AppScan Enterprise helps you ensure security in the build automation stage of the software development lifecycle. Automated product build testing can reduce the time to run repetitive tests from days to hours, and many development teams run nightly product builds.
      - Creating a scanner profile for importing a CSV file
        The scanner profile is used to import security issues (in a CSV file) that are discovered by third-party sources, such as WhiteHat Sentinel, or manual pen testing. Edit issue attributes for each scanner profile so that you can then map the issue attribute names of a third-party source to the issue attribute names that AppScan® Enterprise uses.
    - Preparing a CSV file for import
      CSV files of issues must be configured properly to ensure that the issues are successfully imported.
    - Importing issues from a third-party scanner
      Import issues from a third-party scanner or from manual pen testing so that you can triage them. These issues are marked as 'New' so that you can easily identify them in the list of issues that you must address.
    - Importing issues from an exported report from AppScan Standard
      Import issues from AppScan® Standard v9.0.3 so that you can triage them. These issues are marked as 'New' so that you can easily identify them in the list of issues that you must triage.
  - Scenarios for creating scans
    These scenarios are targeted at developers and the security team. Choose the user role that most closely matches your situation.
  - Running and scheduling jobs
    Learn how to run and schedule a job in AppScan Enterprise.
  - Copying a scan between two Enterprise Consoles
    Export scan properties and creating a new scan based on those properties. This is the method you use to copy a scan between two Enterprise Console instances.
  - Stopping a job and then resuming it
    There are three methods you can use to stop a job while it is running. Each method is used for a different reason, which largely depends on whether you want to keep the data or you want to continue running the job from the point where it left off. You can resume a suspended job to continue the scan from where it stopped. A resumed job is handled by the next free agent on any available agent server.
- Step 3: Determining risks and prioritizing vulnerabilities
  Learn how to determine risks and prioritize vulnerabilities identified in an application.
- Step 4: Remediating risks
  Learn how to remediate risks identified in an application.
- Step 5: Measuring progress and demonstrating compliance
  Learn how to measure progress and demonstrate compliance.

Creating a scanner profile for importing a CSV file

The scanner profile is used to import security issues (in a CSV file) that are discovered by third-party sources, such as WhiteHat Sentinel, or manual pen testing. Edit issue attributes for each scanner profile so that you can then map the issue attribute names of a third-party source to the issue attribute names that AppScan® Enterprise uses.

Procedure

On the Portfolio tab of the Monitor view, go to List menu > Edit Scanner Profile Template.
Create or modify a profile template. Give the profile a name and a description.
Enable the Remove Orphaned Issues check box if you want to remove issues that were previously found in an application but are not included in subsequent imports.
Note: When the check box is enabled, there is the potential to permanently delete all issues with the same scan name and scanner. If you use the same scan name with the same scanner on subsequent imports, any issues that are previously found by the scanner and are not found in the latest results are permanently deleted.
Click Edit to modify the issue attributes:
1. On the Edit Scanner Profile page, define the mapping between the issue attribute names that the third-party scanner uses and the issue attribute names that AppScan® Enterprise uses.
2. Enable the Unique check box if the attribute name helps to identify the issue as a unique issue. If the attribute contributes to uniqueness, it must have a valid value in the CSV file or it isn't imported.
3. Keep the Use Imported Values check box enabled if you want to update an existing issue attribute with values contained in the imported file. If you clear the check box, AppScan Enterprise will retain the value previously used.
4. Click Edit Layout to determine the order in which issue data appears in the About this Issue report for this scanner, and then click OK.
Click OK when you are finished with the template.

What to do next

Importing issues from a third-party scanner