Customizing with pattern-based rules

AppScan® Source pattern-based scanning is an analysis of your source code based on customized search criteria. Pattern-based scanning is similar to grep (grep searches one or more files for a given character string or pattern). Auditors or security analysts performing triage might use pattern-based scanning to search for specific patterns in specific applications or in a project. Once you define a pattern as a vulnerability type, a scan of your source code identifies the pattern as a vulnerability. When AppScan® Source finds a match, the item appears in the findings table. The out-of-the-box AppScan® Source rule library includes predefined rules and rule sets (collections of rules).

Pattern-based scanning searches for a regular expression. A regular expression, often called a pattern, is a string that describes or matches a set of strings, according to certain syntax rules. You specify a search by creating a rule. A rule is similar to a custom rule that you add to the AppScan® Source Security Knowledgebase in the Custom Rules view. When you create a rule, you define severity, classification, vulnerability type, and other criteria.

The Pattern Rule Library view allows you to create new pattern rules and rule sets - and modify or remove existing ones. You then use the Properties view for a selected application, the Properties view for a selected project, or scan configurations to apply the pattern rules and rule sets (you can also launch the dialog box that allows you to create a new rule from these views). To learn more about applying rules and rule sets, see Applying pattern rules and rule sets.

Examples of pattern rules that can be created include:

  • File name pattern matches
  • Single rule with multiple patterns
  • Absence rules
Note: You must have Manage Patterns permission to be able to create pattern rules or rule sets - or to modify and remove custom rules and rule sets.