Advanced Test Options for Source Code Targets

The Advanced Test Options page has questions about the application and its build environment.

An asterisk (*) indicates a required field.

Application's Primary Goal/Mission

Q1. What does the application do? : Describe what the application does, and how it does that.

How critical is the application?* : Choose one of the following:

-   Critical
-   High
-   Medium
-   Low

Application's Primary Users

Q1. Who interacts with the application the most?* : Describe the application's stakeholders.

How do they use it?* : Describe how the stakeholders interact with the application.

Q3: Do you have different user roles supported by the application?* : If you answer YES, then for each role fill in the Role Type and Role Description fields, and then click Add Role Form.

Application Data

Q1: What kind of data is used or stored with the application?* : Choose one of the following:

-   PII [Personally Identifiable Information]
-   Confidential information
-   Passwords
-   Credit Card Numbers
-   Social Security Numbers
-   Other

Development Environment : (This section does not appear for Python, PHP, and JavaScript source.)

Q1. Please select the Java|VisualStudio.NET version to be used for scanning your application:* : For Java source code, select one of the following:

-   JDK 1.6
-   JDK 1.7
-   JDK 1.8

For .NET source code, select one of the following:

-   Visual Studio .NET 2003
-   Visual Studio .NET 2005
-   Visual Studio .NET 2008
-   Visual Studio .NET 2010
-   Visual Studio .NET 2012
-   Visual Studio .NET 2013
-   Visual Studio .NET 2015

Q2. (Java only) Please select the JDK provider to be used for testing your application:* : Select one of the following:

-   Oracle
-   IBM

Q3. (Java only) Is this a JEE Web Application?* : Choose YES or NO.

Q3.1. (Java only) Please select the version of JEE: : If you responded YES to the previous question, use the drop-down list to choose a JavaEE version from 5 to 10.

Q4. (Java only) Does your application use any open source library?* : Choose YES or NO.

If you chose YES, then highlight all the appropriate open source libraries in this list (you can hold down the COMMAND or the SHIFT key to highlight multiple entries):

-   Struts 1.x
-   Struts 2.x
-   Spring Framework 3.x
-   Spring Framework 4.x
-   Spring MVC
-   Spring Security
-   Hibernate
-   Other

If you highlighted Other, specify the particular open source library you use.

Build Environment : (This section does not appear for Python, PHP, and JavaScript source.)

Q1. What build tool is used? : For Java source code, choose one of the following:

-   Ant
-   Maven
-   Command Line
-   Other

For .NET source code, choose one of the following:

-   NAnt
-   MSBuild
-   Command Line
-   Other

Q1.1. (Java SAST - C/S only) Are the libraries hosted in an internal repository like Nexus or central repositories to build source code?* : Choose either "Internal repository" or "Central repository".

Q2. List any continuous integration tools used within the build environment:* : For Java source code, choose one of the following:

-   Jenkins
-   Hudson
-   CruiseControl
-   Bamboo
-   Other

For .NET source code, choose one of the following:

-   Jenkins
-   Hudson
-   CruiseControl.NET
-   Team Foundation Server
-   Bamboo
-   Other

Q2.1. Please mention other continuous integration tool. : If you chose Other in response to the previous question, enter the name of the integration tool you use.

Communication Protocol : (For SAST-S and SAST-C tests only.)

Q1. Describe how the client and the server communicate with each other:* : Highlight all of the entries that apply (you can hold down the COMMAND or the SHIFT key to highlight multiple entries):

-   HTTP
-   SOAP
-   REST
-   Ajax
-   XML over HTTP
-   Custom protocol
-   Other

Q1.1. Please mention other communication protocol: : If you chose Other in response to the previous question, enter the name of the communication protocol you use.

Security Features : (For SAST-S and SAST-C tests only.)

Q1. What security features are implemented in the application:* : Highlight all of the entries that apply (you can hold down the COMMAND or the SHIFT key to highlight multiple entries):

-   Authentication
-   Authorization
-   Auditing
-   Encryption
-   Content validation or encoding
-   Session management

Additional Issues : (For SAST-S and SAST-C tests only.)

Q1. Do you want to be notified of quality issues along with security issues?* : Choose YES or NO.

Q2. Do you want to be notified of performance issues along with security issues?* : Choose YES or NO.

External Communication : (For SAST-S and SAST-C tests only.)

Q1. Does the application communicate with external systems like Web services, FTP services, legacy systems, and so on?* : Choose YES or NO.

Q1.1. Please provide external communication details. : If you responded YES to the previous question, describe how the application communicates with external systems. Specify the number of service endpoints, the APIs used, and so on.

Additional Scoping Form Changes : Mandatory Field *

Q1. Select JavaScript framework type* (selection box): : The only option for now is "Client-side". If you select "Client-side", the following question appears:

Q1.1. Select JavaScript framework* (selection box): : The options are:

-   AngularJS
-   Angular
-   React