Findings are classified by AppScan® Source to indicate whether they are security or scan coverage findings. Security findings represent actual or likely security vulnerabilities - whereas scan coverage findings represent areas where configuration could be improved to provide better scan coverage.

Each finding falls into one of these classifications:

  • Definitive security finding: A finding that contains a definitive design, implementation, or policy violation that presents an opportunity for an attacker to cause the application to operate in an unintended fashion.

    This attack could result in unauthorized access, theft, or corruption of data, systems, or resources. Every definitive security finding is fully articulated, and the specific underlying pattern of the vulnerable condition is known and described.

  • Suspect security finding: A finding that indicates a suspicious and potentially vulnerable condition that requires additional information or investigation. A code element or structure that can create a vulnerability when used incorrectly.

    A suspect finding differs from a definitive finding because there is some unknown condition that prevents a conclusive determination of vulnerability. Examples of this uncertainty can be the use of dynamic elements, or of library functions for which the source code is not available. As a result, there is an additional level of research that is required to confirm or reject a suspect finding as definitive.

  • Scan coverage finding: Findings that represent areas where configuration could be improved to provide better scan coverage (for example, lost sink findings).
Note: In some cases, a classification of None may be used to denote a classification that is neither a security finding nor a scan coverage finding.