Creating an application

Create an app and import issues so that you can track security testing progress against the business impact on your critical web apps.

Procedure

  1. From the My Applications tab, click Create App and give the app a unique name.
  2. Edit the attributes and assign them values. You can search all of these attributes when you are triaging your apps for security testing and vulnerability tracking. You might not need to use all the attributes for each app, but the following list describes some key ones to consider editing:
    • Asset Group: Restrict access to this app by assigning it to an asset group. An app can only belong to one asset group. See Asset groups for more information.
      Note: The Asset Group drop-down list appears only if the administrator has created one or more asset groups in the user management administration. Otherwise, a newly created app belongs to the default asset group.
    • Business Impact: If this app is important, assign it a high or critical value. When you filter your application inventory by this attribute, this particular app appears near or at the top of the list. Then, you can focus your security testing efforts on this app first.
    • Risk Rating: The risk rating is based on a combination of highest detected issue severity and business impact. Higher numbers indicate increased risk.
    • Testing Status: Indicate Not Started, In Progress, or Completed in this field. This attribute appears as a summary dashboard chart, and contributes to the overall security risk rating.
    • Tags: You can add user-defined, shared attributes to new and existing apps. Enter the names that you want to attach to this app; separate multiple tags with commas. You can view all apps that have the same Tags attribute by filtering your display in the Application tab.
    • CVSS ratings: Available in the Advanced Attributes > Ratings section, these attributes contribute to the overall security impact assessment for an application. The values for each metric are mapped to the attribute of an application where the issue was found. You can't delete or modify these attributes, but you can modify their values.
  3. Click Save and then create a scan or manually import issues discovered by a third-party scanner.

Results

If you delete an app, all of its scans, findings, and issues are deleted. Its historical data in the dashboard is also deleted.