Remediation Assistance view

The AppScan® Source Security Knowledgebase provides context-specific intelligence for each vulnerability. The Knowledgebase tells you what the vulnerability is, why it is insecure, how to fix it, and how to avoid it in the future. Once you scan source code, the Knowledgebase provides the specific information needed to eliminate the risk from your mission-critical applications. Knowledgebase remediation advice appears in the Remediation Assistance view. Once you scan, the Knowledgebase provides the specific information needed to eliminate the risk from your mission-critical applications.

To view the Knowledgebase and obtain remediation advice

  • Select a finding in a findings table, and then open the Knowledgebase Help or Remediation Assistance view.
  • In AppScan Source for Analysis, you can also select Help > Security Knowledgebase from the menu to see the entire Knowledgebase.

Specific APIs in the database list the severity level and the severity type. For example, the API, strcpy(), a Buffer Overflow type, has a High severity level. The description states that strcpy() is susceptible to destination buffer overflow because it does not know the length of the destination buffer and therefore cannot check to make sure it does not overwrite it. Fix this problem by using strncpy (), which takes a length parameter.

If the finding has an associated Common Weakness Enumeration (CWE) ID, from the Remediation Assistance view, a hyperlink to the CWE topic (CWE: <id>) at http://cwe.mitre.org/data/definitions/<CWE_ID>.html appears.