Customizing input/output tracing through AppScan® Source trace

Some applications (particularly web applications) require input/output tracing to identify security vulnerabilities related to SQL injection, command injection, and cross-site scripting. Through AppScan® Source trace, you can specify a validation routine that, if used, eliminates the reporting of any vulnerability. All other outputs are marked as vulnerabilities if input has not been validated.

User-defined validation routines are routines that process input data and make it safe to pass to output routines. If a validation routine processes input data before passing it to an output routine, no input validation vulnerability exists. Developers may specify their own input validation and encoding routines to work with tracing.
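The rule described above can be shown with a small model of traces. This is an added example, not AppScan Source code or its algorithm: the data-flow graph and all routine names (`read_param`, `encode_name`, `run_sql`, and so on) are constructed for illustration.

```python
# Simplified model of input/output tracing with user-defined validation
# routines. Every routine name below is hypothetical.

# Constructed data-flow graph: an edge A -> B means data returned by A
# is passed on to B.
FLOWS = {
    "read_param": ["build_query", "encode_name"],
    "build_query": ["run_sql"],
    "encode_name": ["render_greeting"],
    "render_greeting": ["write_html"],
}
SOURCES = {"read_param"}            # input routines
SINKS = {"run_sql", "write_html"}   # output routines


def traces(flows, sources, sinks):
    """Yield every acyclic path from an input routine to an output routine."""
    stack = [[s] for s in sorted(sources)]
    while stack:
        path = stack.pop()
        if path[-1] in sinks:
            yield path
            continue
        for nxt in flows.get(path[-1], []):
            if nxt not in path:          # do not loop on recursive flows
                stack.append(path + [nxt])


def report(flows, sources, sinks, validators):
    """Return the traces that reach an output without passing through any
    routine the user has designated as a validation routine."""
    # The validator set is taken on trust: this model never checks that a
    # designated routine really makes the data safe for the output it reaches.
    return sorted(p for p in traces(flows, sources, sinks)
                  if not validators.intersection(p))


if __name__ == "__main__":
    print("no validation routines specified:")
    for t in report(FLOWS, SOURCES, SINKS, set()):
        print("  VULNERABLE:", " -> ".join(t))
    print("encode_name specified as a validation routine:")
    for t in report(FLOWS, SOURCES, SINKS, {"encode_name"}):
        print("  VULNERABLE:", " -> ".join(t))
```

With `encode_name` designated, only the trace ending in `run_sql` is still reported, because nothing on that path validates the input.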