A Rational® AppScan® Tester Edition test scans and tests your Web application
for security vulnerabilities such as cross-site scripting, buffer overflow,
or content spoofing.
To edit the scan properties, choose a template type.
Note: If a template has not been defined in Rational AppScan Tester Edition,
you cannot create a scan. Contact your administrator to have a template
defined for you.
Verdict Strategy: The verdict
strategy determines the criteria that must be met for a related test
execution record to pass or fail. Select the minimum issue severity
for the test. If any issues are found with this severity or a higher
severity when a related test execution record runs, the test fails.
- High: Tests fail when your application, Web server, or
information is exposed to direct danger.
- Medium: Tests fail when unauthorized access to private
areas threatens security, although the database and operating system
are not at risk.
- Low: Tests fail when AppScan detects
unauthorized reconnaissance.
- Information: Tests fail when AppScan uncovers
issues that you need to know about, but they are not necessarily related
to security.
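
The threshold rule described above, sketched as an added example that is not AppScan code or part of the product documentation: a test fails when any reported issue is at or above the selected minimum severity. The function names, the issue record layout and the sample findings are assumptions constructed for illustration; unknown severity labels raise an error rather than being silently ignored.

```python
from enum import IntEnum


class Severity(IntEnum):
    # Ordered from least to most severe, using the four levels named on the page.
    INFORMATION = 0
    LOW = 1
    MEDIUM = 2
    HIGH = 3


def parse_severity(label):
    """Map a severity label to the ordered enum; reject labels we do not know."""
    try:
        return Severity[label.strip().upper()]
    except KeyError:
        raise ValueError(f"unknown severity label: {label!r}") from None


def verdict(issues, minimum):
    """Return ("pass" or "fail", issues that triggered the failure)."""
    threshold = parse_severity(minimum)
    triggering = [i for i in issues if parse_severity(i["severity"]) >= threshold]
    return ("fail" if triggering else "pass"), triggering


def verdict_table(issues):
    """Verdict for every possible minimum severity, strictest setting last."""
    return {s.name.title(): verdict(issues, s.name)[0] for s in reversed(Severity)}


# Constructed sample findings (hypothetical record layout, not scanner output).
SAMPLE_ISSUES = [
    {"name": "sample finding A", "severity": "Medium"},
    {"name": "sample finding B", "severity": "Low"},
    {"name": "sample finding C", "severity": "Information"},
]

if __name__ == "__main__":
    for minimum, result in verdict_table(SAMPLE_ISSUES).items():
        print(f"minimum severity {minimum:<12} -> {result}")
```

With these sample findings only the High setting passes, which shows that High is the most lenient threshold and Information the strictest.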