This report consists of the following sections:
- Introduction and Objectives: General information about the scan, including the project name, purpose of the scan, and so on.
- Executive Summary: A high-level view of the information gathered during the scan, usually using graphs or comparative numbers. This section is meant to provide a general understanding of the security status of the application.
- Detailed Summary: A detailed listing of the scan results, including all issue types found, all remediation tasks recommended, all vulnerable URLs, and so on. This section is meant to provide a more detailed understanding of the security status of the application, as well as assist in scoping and prioritizing the work required to remedy the issues found.
- Detailed Remediation Task Information: For each remediation task type, this section includes remediation tasks and associated issue types, as well as detailed security advisories, fix recommendations, and issues and variants, all per issue type. This section is used both to educate on the nature and impact of the different issues, and to guide their remediation.
- Application Information: Details that AppScan revealed about the application, such as pages discovered, script parameters tested, and so on. This section is used to understand the extent of coverage of the scan, as only those areas detailed in the application data have been tested.
See the attached file for more details: remediation_tasks_-_sample.doc.