This report consists of the following sections:
-
Introduction and Objectives: General information about the scan, including the project name, purpose of the
scan, and.
-
Executive Summary: A high-level view of the information gathered during the scan, usually using graphs or
comparative numbers. This section is meant to provide a general understanding of the security status of the
application.
-
Detailed Summary: A detailed listing of the scan results, including all issue types found, all remediation
tasks recommended, all vulnerable URLs, and so on. This section is meant to provide a more detailed understanding
of the security status of the application, as well as assist in scoping and prioritizing the work required to
remedy the issues found.
-
Detailed Vulnerability Information: For each issue, this section includes all relevant details, including a
detailed security advisory, and all variants, affected URLs, and fix recommendations. This section is used both to
educate on the nature and impact of the different issues, and to guide their remediation.
-
Application Information: Details that AppScan revealed about the application, such as pages discovered,
script parameters tested, and so on. This section is used to understand the extent of coverage of the scan, as only
those areas detailed in the application data have been tested.
See the attached file for more details: Security Issues (by Issue Type) - Sample.doc.
|