Customizing the vulnerability database and pattern rules

This section describes how to customize the vulnerability database and integrate customized vulnerabilities and other routines into scans.

There are multiple stages in the scanning process:

  • A language-specific scan is run using the vulnerability database (also referred to as the AppScan® Source Security Knowledgebase).
  • Trace is run using the vulnerability database.
  • A pattern-based scan is run using pattern rules from the global pattern rule library.

You can use custom rules to tailor the AppScan Source Security Knowledgebase to your specific security standards and apply those standards consistently across your enterprise. You can also customize pattern rules.