Firebird database structure

When scan results are exported into a Firebird database structure, they can be viewed using one of many ODBC and JDBC database viewers. The structure of the relevant database components is illustrated in the figure below, and described in the following sub-sections.

Note: Some fields in the database are internal AppScan® fields and are not relevant to the user. These fields are marked "AppScan® Internal" in the tables that follow.

[Figure: Representation of the exported Firebird database structure]

Directory

The Directory section of the database contains a line for each directory or sub-directory from the scan.

| Field Name | Explanation/Comments |
|---|---|
| ID | AppScan® ID for the directory |
| NAME | Directory name |
| PARENTID | Directory in which this directory is contained (if this is a sub-directory) |
| PATH | Directory path |
| DIRTYPE | Directory type: Host/Application |

Files

The Files section of the database contains a line for each file.

| Field Name | Explanation/Comments |
|---|---|
| ID | AppScan® ID for the file |
| FILENAME | Filename |
| PARENTID | ID of the directory that contains this file |

Comments

The Comments section contains a line for each HTML comment found in the site page.

| Field Name | Explanation/Comments |
|---|---|
| ENGINEID | AppScan® ID for the comment |
| FILEID | ID of file where comment was found |
| SHORTTEXT | Text of comment (may be truncated) |

Cookies

The Cookies section contains a line for each cookie found.

| Field Name | Explanation/Comments |
|---|---|
| ID | AppScan® ID for the cookie |
| REQCOOKIEID | AppScan® Internal |
| RESPCOOKIEID | AppScan® Internal |
| NAME | Name of cookie file |
| COOKIEVALUE | Value of cookie |
| SETINURL | Source URL for the cookie |
| FILEID | AppScan® ID of the file where the cookie is saved |
| PATH | Path attribute of cookie |
| COOKIEDOMAIN | Domain attribute of cookie |
| EXPIRES | Date cookie expires |
| SECURE | Secure attribute of cookie |

Issue types

The Issue Types section contains a line for each issue found.

| Field Name | Explanation/Comments |
|---|---|
| ENGINEID | AppScan® ID for this issue |
| NAME | Issue name as it appears in the GUI |
| INVASIVE | Whether issue is invasive: Y/N |
| SEVERITY | Severity code of this issue as shown in the AppScan® GUI: 4 = All; 3 = High; 2 = Medium; 1 = Low; 0 = Informational |
| THREATCLASS | Threat classification as it appears in the GUI |
| THREATCLASSREFERENCE | URL to Internet reference on this classification (if relevant) |
| REMEDIATIONTYPEID | AppScan® ID for the Remediation Type |
| ADVISORYID | AppScan® Internal |
| ENTITYTYPE | AppScan® Internal |
| INFRASTRUCTURE | AppScan® Internal |

Javascript

The Javascript section contains a line for each Javascript found in the site pages.

| Field Name | Explanation/Comments |
|---|---|
| ENGINEID | AppScan® ID for the Javascript |
| FILEID | ID of file where Javascript was found |
| SHORTTEXT | Text of Javascript (may be truncated) |

Remediation types

The Remediation section contains a line for each Remediation.

| Field Name | Explanation/Comments |
|---|---|
| ENGINEID | AppScan® ID for the remediation type |
| NAME | Name of the remediation type as it appears in the GUI |
| REMEDIATIONPRIORIY | Remediation priority code (1=highest) |

Requests

The Requests section contains a line for each test request sent.

| Field Name | Explanation/Comments |
|---|---|
| ENGINEID | AppScan® ID for the test request |
| FILEID | AppScan® ID of the file to which the request was sent |
| URL | URL of the request |
| QUERY | Parameters sent in the request |
| STATUS | AppScan® Internal |
| REASONID | AppScan® Internal |
| XMLTYPE | AppScan® Internal |
| LOGINTYPE | AppScan® Internal |

Script parameters

This section contains a line for each parameter that was sent in a test request.

| Field Name | Explanation/Comments |
|---|---|
| ENGINEID | AppScan® ID for the parameter |
| FILEID | ID of file where parameter was sent |
| NAME | Actual parameter that was sent |
| PARAMETERTYPE | Parameter type: Get/Post |

Variants

The Variants section contains a line for each variant.

| Field Name | Explanation/Comments |
|---|---|
| ENGINEID | AppScan® ID for the variant |
| ENTITYNAME | Name of cookie to which variant was sent (if applicable) |
| FILEID | ID of file to which variant was sent |
| ISSUETYPE | Issue type name as it appears in the GUI |
| REMEDIATIONTYPE | AppScan® Internal |
| SEQUENCEINDEX | AppScan® Internal |
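
An added example, not part of the product documentation: it joins the Variants, Files, Directory, Issue types and Remediation types sections on the ID and name fields described above to list findings by severity and location. The table names, the in-memory SQLite stand-in (used so the example runs without a Firebird server) and the sample rows are assumptions; substitute the table names shown in your database viewer.

```python
import sqlite3

SEVERITY = {4: "All", 3: "High", 2: "Medium", 1: "Low", 0: "Informational"}  # codes from the page

# Table names are assumptions; columns are a subset of those documented above.
SCHEMA = """
CREATE TABLE DIRECTORY (ID INTEGER, PARENTID INTEGER, PATH TEXT);
CREATE TABLE FILES (ID INTEGER, FILENAME TEXT, PARENTID INTEGER);
CREATE TABLE ISSUETYPES (ENGINEID INTEGER, NAME TEXT, SEVERITY INTEGER, REMEDIATIONTYPEID INTEGER);
CREATE TABLE REMEDIATIONTYPES (ENGINEID INTEGER, NAME TEXT, REMEDIATIONPRIORIY INTEGER);
CREATE TABLE VARIANTS (ENGINEID INTEGER, FILEID INTEGER, ISSUETYPE TEXT);
"""

# Constructed sample rows, not real scan output.
SAMPLE = """
INSERT INTO DIRECTORY VALUES (1, NULL, '/shop/'), (2, 1, '/shop/admin/');
INSERT INTO FILES VALUES (10, 'login.jsp', 2), (11, 'search.jsp', 1), (12, 'about.html', 1);
INSERT INTO ISSUETYPES VALUES (100, 'SQL Injection', 3, 500),
  (101, 'Cross-Site Scripting', 2, 501), (102, 'HTML Comment Disclosure', 0, 501);
INSERT INTO REMEDIATIONTYPES VALUES (500, 'Use parameterized queries', 1), (501, 'Encode output', 2);
INSERT INTO VARIANTS VALUES (1000, 10, 'SQL Injection'), (1001, 10, 'SQL Injection'),
  (1002, 11, 'Cross-Site Scripting'), (1003, 12, 'HTML Comment Disclosure');
"""

# Variant -> file -> directory locates a finding; variant -> issue type (by GUI name) rates it.
QUERY = """
SELECT d.PATH, f.FILENAME, i.NAME, i.SEVERITY, r.NAME, COUNT(*)
FROM VARIANTS v
JOIN FILES f ON f.ID = v.FILEID
JOIN DIRECTORY d ON d.ID = f.PARENTID
JOIN ISSUETYPES i ON i.NAME = v.ISSUETYPE
LEFT JOIN REMEDIATIONTYPES r ON r.ENGINEID = i.REMEDIATIONTYPEID
WHERE i.SEVERITY >= ?
GROUP BY d.PATH, f.FILENAME, i.NAME, i.SEVERITY, r.NAME, r.REMEDIATIONPRIORIY
ORDER BY i.SEVERITY DESC, r.REMEDIATIONPRIORIY, d.PATH, f.FILENAME
"""

def build_sample_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA + SAMPLE)
    return conn

def triage(conn, min_severity=2):
    """Findings at or above min_severity, worst first, with a variant count each."""
    rows = conn.execute(QUERY, (min_severity,)).fetchall()
    return [(p, f, issue, SEVERITY[sev], fix, n) for p, f, issue, sev, fix, n in rows]

if __name__ == "__main__":
    print(*triage(build_sample_db()), sep="\n")
```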