Findings are classified by AppScan® Source to indicate
whether they are security findings or scan coverage findings. Security
findings represent actual or likely security vulnerabilities, whereas scan
coverage findings represent areas where the scan configuration could be
improved to provide better scan coverage.
Each finding falls into one of these classifications:
- Definitive security finding: A finding that contains a
definitive design, implementation, or policy violation that presents
an opportunity for an attacker to cause the application to operate
in an unintended fashion. This attack could result in unauthorized
access, theft, or corruption of data, systems, or resources. Every
definitive security finding is fully articulated, and the specific
underlying pattern of the vulnerable condition is known and described.
- Suspect security finding: A finding that indicates a suspicious
and potentially vulnerable condition that requires additional information
or investigation, such as a code element or structure that can create a
vulnerability when used incorrectly. A suspect finding differs from a
definitive finding because there is some unknown condition that prevents
a conclusive determination of vulnerability. Examples of this uncertainty
are the use of dynamic elements, or of library functions for which the
source code is not available. As a result, an additional level of research
is required to confirm or reject a suspect finding as definitive.
- Scan coverage finding: Findings that represent areas where
configuration could be improved to provide better scan coverage (for
example, lost sink findings).
Note: In some cases, a classification of None may
be used to denote a classification that is neither a security finding
nor a scan coverage finding.
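The classifications above turn on one question: how much of the path from tainted input to a dangerous call can the scan actually see? The following toy classifier, added here as an illustration and not AppScan Source's own logic, encodes that question over constructed call traces. The sink and model tables, the `dynamic` and `source_available` markers on each step, and every trace are assumptions made for the example; they show why a flow through an unseen library yields a suspect rather than a definitive finding, and why a flow that ends in an unmodeled call becomes a lost-sink scan coverage finding.

```python
"""Toy classifier for static-analysis findings (added example, not AppScan Source code).

A finding is modelled as a trace of calls from a tainted source to the final
call the tainted data reaches. Each step carries two constructed markers:
  dynamic          - the call is resolved at run time (reflection, dynamic dispatch)
  source_available - False when the callee is a library whose source is not scanned
"""
from dataclasses import dataclass
from enum import Enum
from collections import Counter
from typing import List, Dict


class Classification(Enum):
    DEFINITIVE = "Definitive security finding"
    SUSPECT = "Suspect security finding"
    SCAN_COVERAGE = "Scan coverage finding"
    NONE = "None"


@dataclass
class Step:
    name: str
    dynamic: bool = False
    source_available: bool = True


@dataclass
class Finding:
    trace: List[Step]  # source first, final call last


# Constructed knowledge base for the example. Calls the scan knows as dangerous
# sinks, and the larger set of calls the scan has any model for at all.
KNOWN_SINKS = {"Statement.executeQuery", "Runtime.exec"}
MODELED_CALLS = KNOWN_SINKS | {
    "HttpServletRequest.getParameter",
    "String.concat",
    "StringBuilder.append",
}


def classify(finding: Finding) -> Classification:
    """Assign a classification using the criteria the text describes."""
    if not finding.trace:
        return Classification.NONE
    final = finding.trace[-1]
    if final.name in KNOWN_SINKS:
        # The vulnerable pattern is known; it is only conclusive when every
        # intermediate step was fully understood by the scan.
        uncertain = any(
            step.dynamic or not step.source_available for step in finding.trace[:-1]
        )
        return Classification.SUSPECT if uncertain else Classification.DEFINITIVE
    if final.name not in MODELED_CALLS:
        # Tainted data flowed into a call the scan has no model for: the sink
        # is lost, which is a configuration (coverage) problem, not a confirmed bug.
        return Classification.SCAN_COVERAGE
    # Taint ended in a modelled, harmless call: nothing to report.
    return Classification.NONE


def summarize(findings: List[Finding]) -> Dict[Classification, int]:
    """Count findings per classification, e.g. to decide triage order."""
    return dict(Counter(classify(f) for f in findings))


# Constructed sample traces, one per classification plus a second suspect case.
SAMPLE_FINDINGS = [
    Finding([Step("HttpServletRequest.getParameter"), Step("StringBuilder.append"),
             Step("Statement.executeQuery")]),                       # definitive
    Finding([Step("HttpServletRequest.getParameter"),
             Step("com.example.Sanitizer.clean", source_available=False),
             Step("Statement.executeQuery")]),                       # suspect: unseen library
    Finding([Step("HttpServletRequest.getParameter"),
             Step("Method.invoke", dynamic=True), Step("Runtime.exec")]),  # suspect: dynamic
    Finding([Step("HttpServletRequest.getParameter"),
             Step("com.example.LegacyDao.save")]),                   # scan coverage: lost sink
    Finding([Step("HttpServletRequest.getParameter"), Step("String.concat")]),  # none
]


if __name__ == "__main__":
    for f in SAMPLE_FINDINGS:
        print(" -> ".join(s.name for s in f.trace), "=>", classify(f).value)
    print(summarize(SAMPLE_FINDINGS))
```

In practice a triage queue would be ordered by these buckets: definitive findings first, suspect findings next with the unknown condition (the unscanned library, the dynamic call) written down as the research task, and scan coverage findings routed back to whoever owns the scan configuration rather than to developers.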