A Rational® AppScan Tester Edition test scans and
tests your Web application for security vulnerabilities such as cross-site
scripting, buffer overflow, or content spoofing. To edit the scan properties,
choose a template type.
Note: If a template has not been defined in Rational AppScan Tester
Edition, you cannot create a scan. Contact your administrator to have a template
defined for you.
Verdict Strategy: The verdict strategy determines
the criteria that must be met for a related test execution record to pass
or fail. Select the minimum issue severity for the test. If any issues are
found with this severity or a higher severity when a related test execution
record runs, the test fails.
- High: Tests fail when your application, Web server, or information
is exposed to direct danger.
- Medium: Tests fail when unauthorized access to private areas threatens
security, although the database and operating system are not at risk.
- Low: Tests fail when AppScan detects unauthorized reconnaissance.
- Information: Tests fail when AppScan uncovers issues that you need
to know about but that are not necessarily related to security.