Glossary

This glossary includes terms and definitions for HCL® AppScan® Source.

The following cross-references are used in this glossary:

See refers you from a term to a preferred synonym, or from an acronym or abbreviation to the defined full form.
See also refers you to a related or contrasting term.

A

application: One or more computer programs or software components that provide a function in direct support of a specific business process or processes.
assembly: A collection of types and resources that form a unit of deployment, version control, reuse, activation scoping, and security permissions in .NET Framework applications.
assessment: A collection of findings as a result of scanned code that a user can work with, save, and share with other people.
attack: Any attempt by an unauthorized person to compromise the operation of a software program or networked system.
attribute: A characteristic of an application that helps organize the scan results into meaningful groupings, such as by department or project leader.

bundle: A set of findings that the user creates. Bundles can be exported and shared between people and applications.

callback: A way for one thread to notify another application thread that an event has happened.
call graph: A graph that uses lines represents the flow of data between subroutines in a program.
cross-site scripting: An attack technique that forces a website to echo client-supplied data, which execute in a user's Web browser.

defect: A type of change request that identifies an anomaly or flaw in a work product.

encode: In computer security, to convert plaintext into an unintelligible form by means of a code system.
exception: An indication of a suspicious and potentially vulnerable condition that requires additional information or investigation.
exclusion: A finding that a user can mark and ignore.

filter: A set of rules that defines findings with certain traits.
finding: The discovery of an instance of a security exposure in code. AppScan® divides findings into two categories: vulnerability and exception.
fix group: Gropuing of findings based on vulnerability type and required remediation task.

perspective: A group of views that show various aspects of the resources in the workbench.

scan: The process of AppScan® exploring and testing an application and providing the results.
pattern rule: A pattern or regular expression that is searched during a scan.
sink: Any external format to which data can be written out. Sink examples include database, files, console output, and sockets.
socket: A communications handle used by TCP/IP.
stack: An area in memory that typically stores information such as temporary register information, values of parameters, and return addresses of subroutines and is based on the principle of last in, first out (LIFO).

taint: Insecure data that is allowed to flow through the code.
triage: The process of evaluating findings and determining how to resolve them.

V-Density: A numerical expression that enables a consistent way to evaluate the vulnerability of your applications. V-Density is calculated by relating the number and criticality of vulnerabilities and exceptions to the size of the application or project being analyzed.
vulnerability analysis cache: A cache of vulnerabilities found during a scan of source code that can be used for subsequent scans to reduce scan time.

workbench: The user interface and integrated development environment (IDE) in Eclipse and Eclipse-based tools such as IBM® Rational® Application Developer.