Forum for those Learning about Leading IBM Application Security Tricks, Scripts and Tools and Kits for AppScan Source for Analysis ...Customizing, Integrating, Sniffing, Snooping and Hijacking your way to joy.
An Easy Way To View AppScan Source Findings from Multiple .ozasmt Files
For many years now, I have been dealing with the tens of
thousands of Findings that are generated from an average-size web
application scanned with AppScan Source Edition.
Although there have been numerous improvements to the
user interface and the Findings representation to accommodate the
huge amount of data that is necessarily generated, I find that my
approach to static analysis (I want Millions of Findings, i.e. ALL
Possible Traces) demands that multiple scans can be incorporated into
a single view and then filtered according to all the information
available (still not the case in the Source for Analysis GUI).
For several years now, I have used one version or another
of this Findings Viewer, which allows dragging and dropping of
multiple assessments (6.x-8.x are supported), a very advanced
filtering mechanism, and then the saving or re-dragging of filtered
Findings into another Findings Viewer for further analysis:
Here are some screenshots of a typical workflow using the
Findings Viewer:
Drag and Drop .ozasmt files from Windows Explorer - 6.x-8.x assessment files supported
For multiple files, make sure to Uncheck the "Clear Findings on Ozasmt File Drop" box
Now I have a bunch of Findings to filter upon...
And can Drag And Drop From One Findings Viewer to Another to isolate the Traces that I care about.
Finally I have both sides of the getAttribute() -> setAttribute() equation for ServletRequests...
Now if only we had some type of programmatic TRACE STITCHING functionality??!!??