Defining a CAS-based test

Vulnerability Assessments use the CAS mechanism to run-OS level tests on the database server, and identify vulnerabilities.

Before you begin

About this task

You can create a new CAS-based test by modifying an existing CAS-based test or by starting from the beginning and defining all the fields.

1. Open the Assessment Builder by clicking Harden > Vunerability Assessment > Assessment Builder.
2. From the User-defined tests, click CAS-based Tests to open the CAS-based Test Finder panel.
3. Click New or Modify to create a new test.
4. Enter a unique Test name.
5. Select a database from the Database Type menu.
6. Select a category from the Category menu.
7. Select a category from the Severity menu.
8. Optional: Enter a Short Description for the test.
9. Optional: Enter an External reference for the test.
10. Enter a Result text for pass that will be displayed when the test passes.
11. Enter a Result text for fail that will be displayed when the test fails.
12. Enter a Recommendation text for pass that will be displayed when the test passes.
13. Enter a Recommendation text for fail that will be displayed when the test fails. Recommendation text for fail - To prevent cross site hacking, any name from this list, used in the Recommendation text for fail text box, will be rewritten: expression; function; javascript; script; alert; eval; <img; ContentType
14. Select a template to use from the CAS Template menu.
15. Select an operator to use from the operator menu.
16. Enter a Search string that will be used with the operator to compare what is returned from the CAS template. This comparison that determines whether this test passes or fails. You may also click on the RE icon to define a regular expression for the search string.
17. Optional: Check the Fail if match check box if the test should fail when a match is made with the search string.
18. Click Apply to save the CAS-based test.

Results

You can add this newly created CAS-based test to an assessment.