AppScan DE FAQs—Technical

General
  1. What are the minimum system requirements to install AppScan?
  2. What is the Patented Policy Recognition Engine?

Configure

  1. How do I configure AppScan DE to unit test an application?
  2. VS .Net integration.
  3. Native plug in for all other supported IDEs.
  4. Can I choose how AppScan DE scans my application?

Test

  1. How does AppScan DE Unit Test my application?
  2. What kinds of Web Applications does AppScan DE 1.7 test?
  3. Can AppScan DE test an application if it contains JavaScript?
  4. Can AppScan DE automatically test an application if it requires HTTP authentication?
  5. Can AppScan DE automatically test my application if it utilizes client side certificates for authentication?
  6. Can AppScan DE automatically test my application if my site utilizes NTLM?
  7. Can AppScan DE automatically test an application if it contains SSL?
  8. What is code sanitation and content review?
  9. Will AppScan DE automatically run tests against the security defects it has identified?
  10. I have an application server installed with a custom 3rd party application in my environment; does AppScan DE support it?

Recommend

  1. How do I report security defects with AppScan DE?
  2. What sorts of information does AppScan DE include in the results and reports?
  3. Are there different views of the testing results?
  4. What type of information is in the advisories?
  5. Will I be able to see the details of what AppScan DE tested and found?

Report

  1. What types of reports are available in AppScan DE?
  2. How does the report get generated?
  3. What formats can the reports be produced in?
 
What are the minimum system requirements to install AppScan DE?

Minimum System & Software Requirements:

  • Computer: Pentium III PC, 800 MHz
  • Operating System: Windows 2000 with SP2 (or higher), Windows XP with SP 1 (or higher), Windows .Net Server
  • RAM: 512 MB
  • Network: 1 NIC 10/100 MBPS for network communication with configured TCP/IP (100 MBPS recommended)
  • Disk Space: 100MB for installation, 1GB for results storage
  • Other Software: Internet Explorer 5.5 or 6.x and the relevant IDE (for the integration part)


 
What is the Patented Policy Recognition Engine?

Sanctum's patented Policy Recognition Engine enables AppScan DE to perform unit tests automatically and accurately. Based on a series of requests it sends to the application and the responses it receives, the dynamic policy recognition engine learns the logic and intended behavior of the application and constructs unit tests that are specifically designed to identify security defects in the logic and behavior of the application.


 
How do I configure AppScan DE to unit test an application?

Configuring a unit test with AppScan DE 1.7 is easy because it is integrated with your IDE.


 
VS .Net integration?

Step one is to add an AppScan DE Project to your Visual Studio .NET Solution. AppScan DE then automatically creates a configuration for an automated unit test for that Project. Step two allows the developer to modify the default settings in order to narrow the scope of the test and/or the types of defects for which AppScan DE will check. Step three is to run the test. AppScan DE then saves these configuration settings for repeat testing of the same application. The XML configuration file format allows defining and sharing of configuration files between AppScan DE projects.


 
Native plug in for all other supported IDEs?

Step one is to launch the AppScan DE plug-in. AppScan DE then automatically creates a configuration for an automated unit test based on your previously set defaults. Step two allows the developer to modify the default settings in order to narrow the scope of the test and/or the types of defects for which AppScan DE will check. Step three is to run the test. AppScan DE then saves these configuration settings for repeat testing of the same application. The XML configuration file format allows defining and sharing of configuration files between AppScan DE projects.


 
Can I choose how AppScan DE scans my application?

Yes. AppScan DE supports multiple scan types allowing the user to choose between control over the scan and automation of the scan and various degrees in-between. Specifically there are three scan types:

  • Automatic Scan (default) - Pre-scan definitions are supplied by the user. This enables the user to multi-task during the scan and requires less know-how from the user.

  • Interactive Scan - Manually explore and test specific pages in the application. This maximizes user control of the scan enabling the user to manage every step and every stage of the scan.

  • User Defined Scan - All settings are supplied by the user. This is a totally customized scan giving maximum flexibility when conducting a scan.

  • Business Process Record and Play - This allows the user to record and play crawling through a specific business process or transaction and accurately repeat the test.


 
How does AppScan DE Unit Test my application?

First, AppScan DE automatically analyzes the application's handling of the HTTP requests and responses learning the business logic and structure of the site. In the process, it detects potential defects in the way the application handles data input in form fields, URLs and parameters, HTTP headers, cookies, etc. Based on the potential vulnerabilities it detects, it creates customized tests to evaluate the security of the application's input validation processes.

Each test is created and customized automatically by AppScan DE before it is sent to the application. When the application responds to a test, AppScan DE's Expert Security System quickly and precisely analyzes the response to determine if it indicates the presence of a vulnerability or not. In addition, every response is categorized and rated automatically based on the likelihood that it is a security defect and the level of risk associated with the vulnerability.


 
What kinds of Web Applications does AppScan DE 1.7 test?

AppScan DE 1.7 performs unit tests through the web front end regardless of the underlying technologies used to build the applications.


 
Can AppScan DE test an application if it contains JavaScript?

Yes. AppScan DE can crawl through dynamic pages and JavaScript-generated links, maximizing the scope of the scanned area.


 
Can AppScan DE automatically test an application if it requires HTTP authentication?

Yes. AppScan DE can crawl a site requiring HTTP authentication. Configuring the HTTP Authentication fields ensures that AppScan DE automatically provides the appropriate login information during the HTTP authentication process.


 
Can AppScan DE automatically test my application if it utilizes client side certificates for authentication?

Yes. AppScan DE supports web sites requiring client side certificates to authenticate users; the AppScan DE user needs only to load the required certificate in order to scan the site.


 
Can AppScan DE automatically test my application if my site utilizes NTLM?

Yes. AppScan DE supports web sites running NTLM. The user only needs to enable this option from within AppScan DE's General Settings menu.


 
Can AppScan DE automatically test an application if it utilizes SSL?

Yes. AppScan DE can crawl sites that utilize SSL v3, v2, and TLSv1, ensuring compatibility with the site's encryption method and allowing scans into the most sensitive parts of the applications.

Back to Questions

 
What is code sanitation and content review?

In addition to testing applications for security defects, AppScan DE also finds and flags content within an application that could potentially pose a security risk. Examples of such content are:

  • Comments left in source code
  • Unencrypted cookies
  • SQL statements in client-side JavaScript
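
A minimal sketch of this kind of content review, added here as an example; it is not Sanctum's code and does not reflect AppScan DE's actual logic. It scans one constructed HTTP response for the three content types listed above, assuming "unencrypted cookies" means cookies set without the `Secure` attribute; the function name, regular expression and sample response are illustrative.

```python
import re
from html.parser import HTMLParser

# Assumption: coarse heuristic for SQL text inside script bodies.
SQL_RE = re.compile(
    r"\b(select\s+.+?\s+from|insert\s+into|update\s+\w+\s+set|delete\s+from)\b",
    re.IGNORECASE | re.DOTALL)

class _Collector(HTMLParser):
    """Collects HTML comments and the text of <script> elements."""
    def __init__(self):
        super().__init__()
        self.comments, self.scripts, self._in_script = [], [], False
    def handle_starttag(self, tag, attrs):
        self._in_script = (tag == "script")
    def handle_endtag(self, tag):
        self._in_script = False
    def handle_comment(self, data):
        self.comments.append(data.strip())
    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data)

def review_response(headers, body):
    """Return (category, detail) findings for one HTTP response."""
    findings = []
    for name, value in headers:
        if name.lower() == "set-cookie":
            attrs = [a.strip().lower() for a in value.split(";")[1:]]
            if "secure" not in attrs:  # assumption: "unencrypted" = no Secure
                findings.append(("cookie-without-secure", value.split("=", 1)[0]))
    parser = _Collector()
    parser.feed(body)
    parser.close()
    findings += [("html-comment", c) for c in parser.comments if c]
    for script in parser.scripts:
        match = SQL_RE.search(script)
        if match:
            findings.append(("sql-in-script", " ".join(match.group(0).split())))
    return findings

# Constructed sample response (not taken from any real site).
SAMPLE_HEADERS = [
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Path=/; Secure"),
]
SAMPLE_BODY = """<html><body>
<!-- TODO: remove test account before release -->
<script>var q = "SELECT name FROM users WHERE id=" + uid;</script>
</body></html>"""
```

Calling `review_response(SAMPLE_HEADERS, SAMPLE_BODY)` yields one finding per category, which a build step could treat as review items before release.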


 
Will AppScan DE automatically run tests against the security defects it has identified?

Some of the tests AppScan DE is capable of running against the site have the potential to change data and files on the site so AppScan DE provides developers with complete control over its application testing engine. Users can have AppScan DE execute tests automatically or manually. In addition, users can select only specific tests or types of tests to run against the application instead of the entire comprehensive set of tests generated by default.


 
I have an application server installed with a custom 3rd party application in my environment; does AppScan DE support it?

AppScan DE has a highly flexible architecture and is able to support many 3rd party and custom-built applications. AppScan DE's security testing is based on exploring a site and analyzing the HTTP and HTML content in the responses sent from the web server to the browser. As a result, AppScan DE can handle documents whether they are sent from a static source (requests for HTML pages) or produced dynamically by the web server with CGI, ASP, ASPX, JSP, or ColdFusion.


 
How do I report security defects with AppScan DE?

Once it has finished testing an application, AppScan DE delivers complete test descriptions and results to the developer inside AppScan DE 1.7 (for VS .Net integration - within the Visual Studio .NET interface). Developers can drill down into results to obtain test data, defect severity and advisories, and fix recommendations for both .Net and Java users. In addition, AppScan DE contains a reporting feature that enables developers to generate soft copy and/or hard copy reports for distribution to development team members, managers, or executives. Also, results can be exported in a standard format (CSV) to third party analysis or bug tracking software.

The results of the tests AppScan DE runs include severity ratings (e.g. the impact the defect has on the security of the application) for every defect found, a detailed description of the defect, links to additional information on the subject, HTML source code for the baseline and tests, and fix recommendations.


 
What sorts of information does AppScan DE include in the results and reports?

When AppScan DE is finished running a unit test, it displays the number of non-vulnerable and vulnerable links and files detected in an interactive format. The user can then sort the results by defect category, severity, or result type, or drill down into a specific result to get a detailed technical description of the defect as well as a specific recommendation for how it should be fixed. In addition, results can be displayed in a variety of ways depending on the user's needs: visited links, interactive links, filtered links, faulty links, and links that require scripts.

For every defect identified, AppScan DE provides a pinpointing feature that automatically launches the affected source file for the developer to check quickly. In addition, the user can generate a detailed report that contains all of the same information for export to a third party bug tracking system or to generate a hard copy print out.


 
Are there different views of the testing results?

Yes, there is an interactive grid available for easy test result navigation with three levels of test results, from high level summary data to link-specific details. These results are color coded for 'at-a-glance' results interpretation and can be grouped by different test dimensions such as result, category, severity, safety, name, auto/manual, or link. When possible, subgrouping is provided.


 
What type of information is in the advisories?

AppScan DE provides developers with detailed background and fix recommendations for each security defect found. Attack impact, affected products, technical descriptions, fix recommendations, and reference links are provided. In addition, sample code may be provided detailing the recommended fix.


 
Will I be able to see the details of what AppScan DE tested and found?

Yes, users can fully navigate the security test results and obtain specific test details to help better understand both the tests performed and their impact. Information on the actual test that was sent and its results is provided, along with the ability for the user to add comments to the text for inclusion in the report. The properties tab describes the test that was sent (its path and parameters), as well as its bottom-line success. It also contains a comments field where user comments can be added. The test response tab shows the HTML source code of the site's response. The actual attack AppScan DE sent is also provided and can be searched by path, keyword in the request, keyword in the response, and success or severity.


 
What types of reports are available in AppScan DE?

AppScan DE reports are completely customizable. Some of the options available include:

  • Single view reports with all the information a developer needs
  • Reports containing the vulnerabilities per host, vulnerability highlights, URL count, vulnerabilities per application, and application content
  • These reports can also be sorted and grouped to ensure they look and feel as the user desires.
  • Report filters, such as a filter dialog box and report results by severity, result, test, category, and application path, can be applied


 
How does the report get generated?

Reports can be auto generated upon completion of the testing or they can be manually generated after the testing is complete.


 
What formats can the reports be produced in?

Results can be exported to 3rd party defect analysis and tracking tools, allowing for easy integration into existing infrastructure and management packages and processes. Specifically, reports can be exported as raw data to CSV format and can be saved as pdf, xls, html, rtf, txt, and tiff.


 

 
AppShield, AppScan, Policy Recognition, and Adaptive Reduction are trademarks of Sanctum, Inc. All other product names referenced are the property of their respective owners and are hereby acknowledged.

 
© 2004 Sanctum, Inc.