E-SPIN
Thursday, 20 September 2018 / Published in Brand, HCL, IBM, Product

AppScan Standard Web Vulnerability Scanner

AppScan Standard is a web vulnerability scanner (WVS). Originally Watchfire AppScan, it is now part of the IBM Security AppScan product family. It is primarily a Dynamic Application Security Testing (DAST) scanner: it finds vulnerabilities by exercising the running application over HTTP, the way an attacker would, rather than by reviewing source code, and so helps protect against web application attacks and costly data breaches.

Prevent security risks

It is critical to adopt an application security strategy that protects applications during every phase of development. Testing web and mobile applications before deployment counteracts security risk by producing vulnerability reports with fix recommendations. AppScan Standard automates this vulnerability testing, reducing exposure to web application attacks and costly data breaches by letting you test applications before they ship. It gives clear visibility across your application portfolio, helping you identify and prioritize threats by business impact and mitigate risk by fixing code or deploying appropriate policies.

Avoid security vulnerabilities

Use automated Dynamic Application Security Testing (DAST) and static analysis (SAST) of client-side JavaScript – “black box” and “white box” techniques – to detect security issues while the application is still in development.

Empower accurate scanning

Scan websites to identify embedded vulnerabilities. Simplify interpretation of scan results with scan-specific explanations of each issue.

Get quick remediation

Fix high-priority problems first with streamlined remediation. Make fixes quickly with the provided remediation steps – including code examples and a task list.

Key features

  • Incorporate application security testing into DevOps
  • Enhance application security with Cognitive capabilities
  • Manage and reduce risk in web and mobile applications
  • Address your appsec risk

  • Provides a comprehensive view into application vulnerabilities
  • Configure, run and upload app scans with the cloud integration feature
  • Get in-depth understanding of app security issues
  • Customized reporting on industry standards and compliance

Product Overview

IBM Security AppScan® Standard is a security vulnerability testing tool for web applications and web services. It combines several testing techniques to help protect your site against attack, and offers a full range of reporting and data export options.

IBM Security AppScan Standard employs three distinct testing techniques that complement and enhance each other:

Dynamic Analysis (“black-box scanning”)
This is the primary method: AppScan sends requests to the running application and evaluates its responses at run-time.

Static Analysis (“white-box scanning”)
This analyzes JavaScript code in the context of the full web page in which it runs.

Interactive Analysis (“glass box scanning”)
The dynamic test engine interacts with a dedicated glass-box agent installed on the web server itself, enabling AppScan to identify more issues, and with greater accuracy, than conventional dynamic testing alone.

AppScan’s advanced capabilities include:

  • General and regulatory compliance reporting, with over 40 different templates available out-of-the-box
  • Customization and extensibility through the AppScan eXtension Framework, or by direct integration into existing systems using the AppScan SDK
  • Link categorization capabilities that go beyond application security to identify risks posed to users from links to malicious or other unwanted sites

AppScan Standard helps you decrease the risk of web application attacks and data breaches both before site deployment and for ongoing risk assessment in production.

AppScan Standard Latest Release and Update

Each time a new release or update ships, the date of this post is changed and the latest information is incorporated in this section.

AppScan Standard 9.0.3.10 (9.0.3 Fix Pack 10, Sep 20, 2018)

What’s new

A complete list of fixes in this version can be found at: http://www.ibm.com/support/docview.wss?uid=swg27021374

This fix pack includes the following improvement:

  • Web Services Configuration Wizard: the new wizard helps you configure a scan based on the service’s OpenAPI definition files (JSON and/or YAML). Instead of recording the Explore stage traffic, the wizard generates it from the definition, and the resulting configuration is then used to run an automatic scan.
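What such a wizard does under the hood, as an added example in Python (not AppScan or IBM code): it walks a small OpenAPI 3 document, embedded here as constructed sample data, and expands every path and operation into one concrete request, substituting path parameters, setting query parameters and building a JSON body from the schema, resolving local `$ref` references along the way. This is the request list an Explore stage would replay instead of recording it. The server URL, paths and field names are fictitious.

```python
"""Turn an OpenAPI 3 definition into the request list a DAST Explore stage
would replay. Added example, not IBM/HCL AppScan code; the definition below
is constructed for illustration."""
import json
from urllib.parse import urlencode

# Constructed sample API definition (not a real service).
SAMPLE_SPEC = {
    "openapi": "3.0.0",
    "servers": [{"url": "https://api.example.test/v1"}],
    "paths": {
        "/users/{id}": {
            "get": {
                "parameters": [
                    {"name": "id", "in": "path", "required": True,
                     "schema": {"type": "integer"}},
                    {"name": "verbose", "in": "query",
                     "schema": {"type": "boolean"}},
                ]
            },
            "delete": {
                "parameters": [
                    {"name": "id", "in": "path", "required": True,
                     "schema": {"type": "integer"}},
                ]
            },
        },
        "/users": {
            "post": {
                "requestBody": {
                    "content": {
                        "application/json": {
                            "schema": {"$ref": "#/components/schemas/User"}
                        }
                    }
                }
            }
        },
    },
    "components": {
        "schemas": {
            "User": {
                "type": "object",
                "properties": {
                    "name": {"type": "string"},
                    "age": {"type": "integer"},
                    "roles": {"type": "array", "items": {"type": "string"}},
                },
            }
        }
    },
}

HTTP_METHODS = ("get", "put", "post", "delete", "patch", "head", "options")


def resolve_ref(spec, node):
    """Follow local '#/components/...' references until a concrete object is reached."""
    while isinstance(node, dict) and "$ref" in node:
        target = spec
        for part in node["$ref"].lstrip("#/").split("/"):
            target = target[part]
        node = target
    return node


def sample_value(spec, schema):
    """Produce a well-formed sample value for a JSON schema fragment.
    Explore only needs valid traffic; the Test stage mutates it later."""
    schema = resolve_ref(spec, schema or {})
    if "enum" in schema:
        return schema["enum"][0]
    kind = schema.get("type", "string")
    if kind == "integer":
        return 1
    if kind == "number":
        return 1.0
    if kind == "boolean":
        return True
    if kind == "array":
        return [sample_value(spec, schema.get("items", {}))]
    if kind == "object":
        return {name: sample_value(spec, sub)
                for name, sub in schema.get("properties", {}).items()}
    return "test"


def explore_requests(spec):
    """Expand every path/operation pair into one concrete request dict."""
    base = spec.get("servers", [{"url": ""}])[0]["url"].rstrip("/")
    requests = []
    for path, path_item in spec.get("paths", {}).items():
        shared = path_item.get("parameters", [])  # path-level params apply to all ops
        for method in HTTP_METHODS:
            op = path_item.get(method)
            if op is None:
                continue
            url, query = base + path, {}
            for param in shared + op.get("parameters", []):
                param = resolve_ref(spec, param)
                value = sample_value(spec, param.get("schema"))
                if param["in"] == "path":
                    url = url.replace("{%s}" % param["name"], str(value))
                elif param["in"] == "query":
                    query[param["name"]] = value
            body = None
            content = op.get("requestBody", {}).get("content", {})
            if "application/json" in content:
                body = json.dumps(sample_value(spec, content["application/json"].get("schema")))
            if query:
                url += "?" + urlencode(query)
            requests.append({"method": method.upper(), "url": url, "body": body})
    return requests


if __name__ == "__main__":
    for req in explore_requests(SAMPLE_SPEC):
        print(req["method"], req["url"], req["body"] or "")
```

The sample values are deliberately bland: the Explore stage only needs requests the server will accept so that the application's structure is discovered; injecting payloads into each discovered parameter is the Test stage's job.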


AppScan Detailed System Requirements

IBM publishes detailed system requirement reports for each supported release of IBM Security AppScan Standard, by operating system and by component; the reports are generated on demand, so they are always up to date. The summary below covers the release described above.

Note: AppScan Standard runs on Windows operating systems only. If glass box scanning is used, the glass box agent must be installed on the tested application’s server (Java and .NET platforms are supported). The system requirements listed for other (non-Windows) systems apply only to the server on which this glass box agent is installed.

A summary of the minimum hardware and software required to run AppScan Standard.

Important: A complete list of system requirements can be found at: http://www.ibm.com/support/docview.wss?uid=swg27024155

Minimum hardware requirements:

  • Processor: Core 2 Duo 2 GHz (or equivalent)
  • Memory: 4 GB RAM
  • Disk space: 30 GB
  • Network: 1 NIC, 100 Mbps, with TCP/IP configured

Operating system and software requirements:

Operating system, supported operating systems (both 32-bit and 64-bit editions):

  • Microsoft Windows Server 2016: Standard and Datacenter
  • Microsoft Windows Server 2012: Essentials, Standard and Datacenter
  • Microsoft Windows Server 2012 R2: Essentials, Standard and Datacenter
  • Microsoft Windows Server 2008 R2: Standard and Enterprise, with or without SP1
  • Microsoft Windows 10: Pro and Enterprise
  • Microsoft Windows 8.1: Pro and Enterprise
  • Microsoft Windows 8: Standard, Pro and Enterprise
  • Microsoft Windows 7: Enterprise, Professional and Ultimate, with or without SP1

Browser: Microsoft Internet Explorer 11. Recommended: Internet Explorer version 11.0.9600.18537, update version 11.0.38 (KB3203621).

Note: Although the default AppScan Standard browser is based on Internet Explorer 11, you can configure AppScan to login and scan your site using another version of Internet Explorer, or with Google Chrome, Mozilla Firefox or MS Edge, if installed on your OS.

Other: Microsoft .NET Framework 4.6.2. If using floating or token licenses: Rational® License Key Server 8.1.1, 8.1.2, 8.1.3, 8.1.4 or 8.1.5.

(Optional) Adobe Flash Player for Internet Explorer is required for Flash execution (and for viewing the instructional videos in some advisories). Versions 9.0.124.0 up to 14.0.0.125 are supported; earlier versions are not, and some versions may require configuration. Note that Adobe ended support for Flash Player at the end of 2020, so this applies only to legacy Flash content.

(Optional) Microsoft Word 2007, 2010, 2013 for custom report templates.

Important:

  • Customers without a local license on their computer require a network connection to their licensing server when using Security AppScan Standard.
  • A personal firewall running on the same computer as Security AppScan Standard might block communication and result in inaccurate findings and reduced performance. For best results do not run a personal firewall on the computer that runs Security AppScan Standard.

Glass box system requirements

In order to use the glass box scanning feature, you will need to set up the server-side glass box agent on your application server. The following server platforms and technologies are supported.

Java™ platforms:

JRE: versions 6 and 7 are supported. JRE 8 is not supported.

Operating system, supported Microsoft Windows systems (both 32-bit and 64-bit editions):

  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2008 R2

Supported Linux systems:

  • RHEL 5, 6, 6.1, 6.2, 6.3, 6.4

Supported UNIX systems:

  • AIX® 6.1, 7.1
  • Solaris (SPARC) 10, 11

Java EE container: JBoss AS 6, 7; JBoss EAP 6.1; Tomcat 6.0, 7.0; WebLogic 10, 11, 12; WebSphere® 7.0, 8.0, 8.5, 8.5.5

.NET platforms:

Operating system, supported operating systems (both 32-bit and 64-bit editions):

  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2008 R2

Other: Microsoft IIS 7.0 or later. Microsoft .NET Framework 4.0 or 4.5 must be installed, and IIS must be configured at the root level to work with this version of ASP.NET.

Note: User must have administrator privileges when running the application on the server.

Note: The agent should be installed after the application you want to test is successfully installed on the server.



Cookie usage

Although Security AppScan Standard tracks cookies set by the application it is scanning, it does not set cookies of its own for authentication or any other purpose.



Supported Languages

The AppScan user interface can run in the following languages: Chinese (Simplified), Chinese (Traditional), English (United States), French, German, Italian*, Japanese, Korean*, Portuguese (Brazil), Russian*, Spanish (Spain). To change the user interface language, go to Tools > Options > General tab.

Important: Changes since 9.0.3.7 have not been fully translated in the Online Help documentation. The English documentation is up-to-date.

To access the English documentation for these features:

  1. In Windows Explorer, open [Program Files]\IBM\AppScan Standard\Docs
  2. Locate and open AppScanOnlineHelp.chm (the English Online Help file)
  3. Refer to these sections:
    • Configuring > Scan Configuration dialog box > Login Management
    • Configuring > Scan Configuration dialog box > Explore Options
    • Tools > Configuration dialog box > Web Services Configuration Wizard

Supported Technologies

This section helps you understand which technologies used by your site might affect AppScan®’s ability to scan it.

Some technologies used by your site might affect AppScan’s ability to scan it, while others do not affect the scan at all.

  • AppScan is a “black-box” (DAST) tool and scans your site using the same mechanisms as a browser. Therefore, in general, server-side technologies that are transparent to a browser are also transparent to AppScan and do not affect the scan.
  • Client-side technologies such as JavaScript, and the HTTP layer itself (session handling, authentication), do affect AppScan. Unlike a browser, AppScan needs to understand these at a level that allows automatic crawling, session maintenance and, of course, testing. In these cases you need to configure AppScan to scan correctly.

An AppScan scan consists of two main stages: Explore and Test. For each stage, the table below offers guidelines for understanding which server-side and client-side technologies might affect the scan, and in which cases configuration is needed.

Explore stage

Server-side technologies

Any server-side technology that does not affect the client – such as the specific database used – does not affect the scan in any way.

Many mechanisms that do affect the client (like session management) will not limit the scan as long as AppScan is configured correctly. For example, web servers and application servers affect how session IDs are managed, and AppScan must be able to track these IDs. Many common session IDs are predefined or can be automatically detected by AppScan and do not require additional configuration. However, additional configuration may still be required for some custom mechanisms.

AppScan specifically supports WebSphere Portal custom URLs. WSP encodes the URLs in a way that makes it difficult to track them as they appear. AppScan decodes the URLs so they can be understood and tuned.

Glass box scanning is supported for Java and .NET only.

Client-side technologies

The two main client-side technologies used today are HTML5 and JavaScript, and both affect the Explore stage of the scan:

AppScan supports HTML5 in the Explore stage: links are extracted, forms are understood and filled in, and so on.

AppScan supports (executes) plain JavaScript. Several major frameworks are specifically supported, including jQuery, AngularJS and PrototypeJS. Many other JavaScript frameworks, though not specifically supported, do not limit the scan in any way.

If the automatic Explore stage misses pages due to a specific technology, the pages can be added to the scan by exploring the site manually after the automatic Explore stage, and before the Test stage.
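The Explore-stage mechanics described in this section (link extraction, form filling, session ID tracking, and the configuration a custom session mechanism needs), as an added example in Python that is not AppScan code. The page markup, the response headers and the URLs are constructed; `JSESSIONID` stands for a session cookie the scanner recognises on its own, while `app_sess` stands for an application-specific one that is only treated as a session ID once it is named in the configuration.

```python
"""Explore-stage mechanics: extract links and forms from a page and keep the
session alive across requests. Added example, not AppScan code; the markup,
cookie names and URLs below are constructed for illustration."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlencode

# Constructed response from a fictitious application, as seen after login.
SAMPLE_HEADERS = {"Set-Cookie": ["JSESSIONID=9F3A1C; Path=/; HttpOnly",
                                 "app_sess=AbC123; Path=/"]}
SAMPLE_HTML = """
<html><body>
  <a href="/account">Account</a>
  <a href="https://www.example.test/help">Help</a>
  <a href="mailto:help@example.test">Mail</a>
  <form action="/transfer" method="post">
    <input type="hidden" name="txn_token" value="c4f3-88ab">
    <input type="text" name="amount">
    <input type="email" name="to">
    <input type="submit" value="Send">
  </form>
</body></html>
"""

# Session cookie names a scanner recognises without any configuration.
WELL_KNOWN_SESSION_COOKIES = {"JSESSIONID", "PHPSESSID", "ASP.NET_SessionId"}
# Sample values by input type, so that forms are submitted with plausible data.
FILL_VALUES = {"text": "test", "email": "user@example.test", "number": "1",
               "password": "Passw0rd!", "tel": "5551234"}


class PageParser(HTMLParser):
    """Collect anchors and forms (with their fields) from one HTML response."""

    def __init__(self):
        super().__init__()
        self.links, self.forms, self._form = [], [], None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.links.append(attrs["href"])
        elif tag == "form":
            self._form = {"action": attrs.get("action", ""),
                          "method": (attrs.get("method") or "get").upper(),
                          "fields": {}}
        elif tag == "input" and self._form is not None and attrs.get("name"):
            kind = (attrs.get("type") or "text").lower()
            if kind == "hidden":      # keep server-supplied tokens and state
                self._form["fields"][attrs["name"]] = attrs.get("value", "")
            elif kind != "submit":    # fill user-facing fields with a sample
                self._form["fields"][attrs["name"]] = FILL_VALUES.get(kind, "test")

    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            self.forms.append(self._form)
            self._form = None


class SessionTracker:
    """Carry cookies from response to request and know which ones are the session.

    Well-known session cookie names are recognised automatically; anything else
    has to be named explicitly, which is the 'custom mechanism' configuration."""

    def __init__(self, custom_session_cookies=()):
        self.cookies = {}
        self.session_names = WELL_KNOWN_SESSION_COOKIES | set(custom_session_cookies)

    def observe(self, headers):
        for header in headers.get("Set-Cookie", []):
            pair = header.split(";", 1)[0].strip()
            if "=" in pair:
                name, value = pair.split("=", 1)
                self.cookies[name] = value

    def session_ids(self):
        """Cookie names treated as session identifiers (watched for expiry)."""
        return sorted(c for c in self.cookies if c in self.session_names)

    def request_headers(self):
        cookie = "; ".join("%s=%s" % kv for kv in sorted(self.cookies.items()))
        return {"Cookie": cookie} if cookie else {}


def explore(base_url, headers, html, tracker):
    """Return the follow-up requests one Explore step derives from a page."""
    parser = PageParser()
    parser.feed(html)
    tracker.observe(headers)
    requests = []
    for href in parser.links:
        if href.startswith(("mailto:", "javascript:", "#")):
            continue
        requests.append({"method": "GET", "url": urljoin(base_url, href),
                         "headers": tracker.request_headers(), "body": None})
    for form in parser.forms:
        requests.append({"method": form["method"],
                         "url": urljoin(base_url, form["action"]),
                         "headers": tracker.request_headers(),
                         "body": urlencode(form["fields"])})
    return requests


if __name__ == "__main__":
    tracker = SessionTracker(custom_session_cookies=["app_sess"])
    for req in explore("https://www.example.test/home", SAMPLE_HEADERS, SAMPLE_HTML, tracker):
        print(req["method"], req["url"], req["headers"], req["body"])
    print("session ids:", tracker.session_ids())
```

Both cookies are replayed either way, exactly as a browser would; the difference configuration makes is whether the scanner knows that `app_sess` is the session, which is what lets it notice a logout or expiry mid-scan and re-authenticate instead of silently scanning an unauthenticated site.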

Test stage

Server-side technologies

AppScan is designed to test the application and not its supporting technologies, so those technologies do not affect testing. To take databases again: AppScan’s suite of SQL injection tests is independent of the database used. It also offers dedicated tests for third-party components (Common Vulnerabilities testing).
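To make concrete why injection testing can be independent of the database, here is an added example in Python (not AppScan code) of two DAST techniques that are written against SQL syntax rather than any one vendor: error-signature matching and boolean-based differential testing. The target is a constructed stand-in backed by an in-memory SQLite database, with the vulnerable handler next to its parameterised fix; the `send` callable stands in for the HTTP round trip, and the error strings are a small illustrative sample, not a complete list.

```python
"""Test-stage SQL injection checks that do not depend on the backend DBMS.
Added example, not AppScan code; the target endpoints are constructed
stand-ins backed by an in-memory SQLite database."""
import re
import sqlite3

# --- Constructed target: a vulnerable lookup and its parameterised fix -----
conn = sqlite3.connect(":memory:")
conn.executescript("""
    CREATE TABLE products(id INTEGER PRIMARY KEY, name TEXT);
    INSERT INTO products VALUES (1, 'anvil'), (2, 'rope'), (3, 'rocket');
""")


def _respond(sql, args=()):
    """Run a query and return (status, body) the way an HTTP handler would."""
    try:
        rows = conn.execute(sql, args).fetchall()
        return 200, "\n".join(name for (name,) in rows)
    except sqlite3.Error as exc:
        return 500, "Database error: %s" % exc


def vulnerable_endpoint(params):
    """GET /product?id=... with the parameter concatenated into the SQL."""
    return _respond("SELECT name FROM products WHERE id = " + params["id"])


def fixed_endpoint(params):
    """Same feature with a bound parameter: the input never becomes SQL."""
    return _respond("SELECT name FROM products WHERE id = ?", (params["id"],))


# --- Scanner side: payloads and detection target SQL, not one vendor -------
# Illustrative error strings from several engines; matching any is evidence,
# and the boolean check below needs no error message at all.
ERROR_SIGNATURES = re.compile(
    r"(syntax error|unrecognized token|unterminated|ORA-\d{5}|"
    r"You have an error in your SQL syntax|Unclosed quotation mark|"
    r"pg_query|SQLSTATE)", re.IGNORECASE)


def check_sql_injection(send, baseline_params, param):
    """Mutate one parameter of a recorded Explore request and look for injection.

    `send(params) -> (status, body)` stands in for the HTTP round trip.
    Returns a list of evidence strings; an empty list means nothing was found."""
    findings = []
    original = baseline_params[param]
    _, baseline_body = send(baseline_params)

    # 1. Error-based: a stray quote that provokes a database error.
    probe = original + "'"
    status, body = send({**baseline_params, param: probe})
    if status >= 500 or ERROR_SIGNATURES.search(body):
        findings.append("error-based: %r caused a database error" % probe)

    # 2. Boolean-based: a true condition must reproduce the baseline and a
    #    false one must change it; an application that merely echoes input
    #    fails this pair test, which keeps false positives down.
    _, true_body = send({**baseline_params, param: original + " AND 1=1"})
    _, false_body = send({**baseline_params, param: original + " AND 1=2"})
    if true_body == baseline_body and false_body != baseline_body:
        findings.append("boolean-based: 'AND 1=1' kept the response, 'AND 1=2' changed it")
    return findings


if __name__ == "__main__":
    recorded = {"id": "2"}  # the parameter set captured during Explore
    print("vulnerable:", check_sql_injection(vulnerable_endpoint, recorded, "id"))
    print("fixed:     ", check_sql_injection(fixed_endpoint, recorded, "id"))
```

Swapping SQLite for another engine changes the wording of the error message but not the logic: the quote still breaks the statement, and `AND 1=1` / `AND 1=2` still behave as a true/false pair in every SQL dialect, which is what makes the test database-independent.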

Client-side technologies

Client-side testing is performed only on JavaScript code, and currently only vulnerabilities in plain JavaScript are detected.

JavaScript frameworks are not supported in the Test stage (even where the Explore stage can crawl them), so JavaScript code that uses a framework may not be properly analyzed.

HTML5 is fully supported.

Tagged under: AppScan, Dynamic Application Security Testing (DAST), HCL, IBM, Web Vulnerability Scanner
