This report consists of the following sections:
-
Introduction and Objectives: General information about the scan, including the project name, purpose of the scan,
and so on.
-
Executive Summary: A high-level view of the information gathered during the scan, usually using graphs or
comparative numbers. This section is meant to provide a general understanding of the security status of the
application.
-
Detailed Summary: A detailed listing of the scan results, including all issue types found, all remediation tasks
recommended, all vulnerable URLs, and so on. This section is meant to provide a more detailed understanding of the
security status of the application, as well as assist in scoping and prioritizing the work required to remedy the
issues found.
-
Detailed Remediation Task Information: For each remediation task type, this section includes remediation tasks and
associated issue types, as well as detailed security advisories, fix recommendations, and issues and variants, all per
issue type. This section is used both to educate on the nature and impact of the different issues, and to guide
their remediation.
-
Application Information: Details that AppScan revealed about the application, such as pages discovered, script parameters
tested, and so on. This section is used to understand the extent of coverage of the scan, as only those areas detailed in
the application data have been tested.
See the attached file for more details: Remediation Tasks - Sample.doc.
|