The Web Application Security Reality
[Figure: where attacks land versus where security money is spent]
                      % of Attacks    % of Dollars
Web Applications           75%             10%
Network / Server           25%             90%
Solving The Problem Requires a Strategic Approach
[Figure: maturity ladder, from Unaware, through Outsourced Pen Testing and Consultants, up to a Strategic, Enterprise-Wide Scalable Solution]
What is AppScan Enterprise?
[Figure: three functions arranged around the Security Team]
INFORM: push reports to developers, QA, and non-security staff
SCALE: reuse and run multiple scans across applications
MONITOR: manage problem resolution through AppScan Enterprise trending reports
AppScan Enterprise – Key Features & Benefits
4 Issue Management
Multiple Report Levels
Dashboards
Report Pack Summaries
Detailed Reports
About this… Reports
Report Categories
Inventory Reports
  Broken Links
  Hosts
  Pages
  etc.
Security Reports
  Application Security Issues
  Infrastructure Security Issues
  Remediation Tasks
  Security Risk Assessment
Compliance Reports
  Safe Harbour
  Sarbanes-Oxley Act (SOX)
  Visa CISP
  etc.
User Roles and Access Permissions
Control access to information
[Figure: role diagram; the Security Manager role is shown]
What does AppScan Enterprise test for?
[Figure: the application stack drawn as layers. The AppScan Enterprise label sits beside Web Applications, Third-party Components and Web Server Configuration, above the infrastructure layers: Web Server, Database, Applications, Operating System and Network]
How does AppScan Enterprise work?
Traverses a web application
Approaches an application as a black-box
Tests by sending modified HTTP requests
Thousands of tests for identifying hundreds of vulnerabilities
[Figure: HTTP requests sent to the Web Application, which forwards them through the Application to its Databases]
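The four bullets above describe a dynamic, black-box scanner: crawl the application, then replay each discovered request with modified parameters and watch the response for evidence that a test took effect. The following is an added example of that loop, not AppScan Enterprise code or Watchfire's algorithm. The target, fake_app, is a constructed in-memory web application with one reflected-XSS page and one page that leaks a database error, so the script runs offline; a real run would replace fake_app with an HTTP client. The two test cases and their signatures are illustrative assumptions, not AppScan's test database.

```python
"""Added example, not AppScan Enterprise code: a minimal black-box scanner in the
style the slide describes. It traverses the application by following links, then
replays each discovered request with modified parameter values and looks for
vulnerability signatures in the response. The target, fake_app, is a constructed
in-memory web application so the script runs offline."""
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit, urlunsplit, parse_qsl, urlencode


def fake_app(url):
    """Constructed target. Returns (status, body) like an HTTP GET would."""
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query))
    if parts.path == "/":
        return 200, ('<a href="/search?q=test">search</a> '
                     '<a href="/item?id=1">item</a> <a href="/about">about</a>')
    if parts.path == "/search":
        # Reflects the query unescaped: reflected XSS.
        return 200, f"<p>Results for {params.get('q', '')}</p>"
    if parts.path == "/item":
        # Pretends to concatenate id into SQL: a quote breaks the statement.
        if "'" in params.get("id", ""):
            return 500, "You have an error in your SQL syntax; check the manual"
        return 200, "<p>item 1</p>"
    if parts.path == "/about":
        return 200, "<p>about</p>"
    return 404, "not found"


class LinkExtractor(HTMLParser):
    """Collects href values of <a> tags; the crawler's only view of the page."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]


def crawl(fetch, start, limit=100):
    """Traverse the application breadth-first, staying on the start host."""
    host = urlsplit(start).netloc
    seen, queue, pages = set(), [start], []
    while queue and len(pages) < limit:
        url = queue.pop(0)
        if url in seen:
            continue
        seen.add(url)
        _, body = fetch(url)
        pages.append(url)
        parser = LinkExtractor()
        parser.feed(body)
        for href in parser.links:
            full = urljoin(url, href)
            if urlsplit(full).netloc == host and full not in seen:
                queue.append(full)
    return pages


# Illustrative test cases (assumption, not AppScan's test database):
# (issue name, payload, signature showing the payload took effect)
TESTS = [
    ("Reflected XSS", "<svg/onload=1>", re.compile(r"<svg/onload=1>")),
    ("SQL error disclosure", "1'", re.compile(r"SQL syntax|ODBC|ORA-\d{5}", re.I)),
]


def mutate(url, name, value):
    """Return url with query parameter `name` set to `value`."""
    parts = urlsplit(url)
    query = dict(parse_qsl(parts.query))
    query[name] = value
    return urlunsplit(parts._replace(query=urlencode(query)))


def scan(fetch, start):
    """Crawl, then send modified requests for every parameter of every page."""
    findings = []
    for url in crawl(fetch, start):
        parts = urlsplit(url)
        _, baseline = fetch(url)
        for name, _ in parse_qsl(parts.query):
            for issue, payload, signature in TESTS:
                # A signature already present in the unmodified response is
                # noise, not evidence that our payload did anything.
                if signature.search(baseline):
                    continue
                _, body = fetch(mutate(url, name, payload))
                if signature.search(body):
                    findings.append((issue, parts.path, name))
    return findings


if __name__ == "__main__":
    for issue, path, param in scan(fake_app, "http://app.test/"):
        print(f"{issue}: {path} parameter {param}")
```

The baseline comparison is the part worth copying: a scanner that only pattern-matches the mutated response will flag every page that happens to mention "SQL syntax" in its help text. Staying on the start host during the crawl is the other practical guard, since following off-site links would turn the scan into unauthorised testing of third parties.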
AppScan Enterprise Architecture
Terminology
Content Scan Job
Import Job
Report Pack
Dashboard
Folder
Jobs, Report Packs, Reports & Dashboards
[Figure: jobs feed report packs, which produce reports and feed dashboards]
Job1 (Security Scan) -> Report Pack 1 -> Dashboard 1
Job2 (Security Data Import) -> Report Pack 2
Job3 (Security Scan) and Job4 (Infrastructure Scan) -> Report Pack 3
Report packs also roll up into a global Dashboard 2
Web-Based User Interface
Quick Scan vs. Advanced View
The UI mode is set in the user's properties.
Quick Scan View
  Makes it easier to create a scan by abstracting complexity
  Leverages scan templates created by the administrator
  Reduces the scan configuration time
  Suitable for developers and QA specialists who create ad-hoc scans
Advanced View
  Exposes all scan options
  Suitable for administrators and advanced users
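The slides on User Roles and Access Permissions and on Quick Scan vs. Advanced View both describe per-user controls: a role that limits which report categories a user may read, and a UI mode that decides whether a scan is built from an administrator's template or from the full option set. The following is an added example of how such controls can be enforced; it is a hypothetical model, not AppScan Enterprise's data model or API. The role names, option keys, the role-to-report mapping and the template are all constructed assumptions.

```python
"""Added example, not AppScan Enterprise code: a hypothetical model of the two
per-user controls the slides describe. A user's role decides which report
categories they may read; the user's UI mode decides whether a scan is built
from an administrator template with locked options (Quick Scan) or from the
full option set (Advanced View). All names and options here are assumptions."""
from dataclasses import dataclass
from urllib.parse import urlsplit

# Report categories are the three from the "Report Categories" slide; which
# roles may read which is an assumption for illustration.
ROLE_REPORTS = {
    "security_manager": frozenset({"inventory", "security", "compliance"}),
    "developer": frozenset({"inventory", "security"}),
    "auditor": frozenset({"inventory", "compliance"}),
}
ADVANCED_VIEW_ROLES = frozenset({"security_manager"})


@dataclass(frozen=True)
class ScanTemplate:
    name: str
    options: dict          # full option set the administrator configured
    locked: frozenset      # keys a Quick Scan user may not override


@dataclass(frozen=True)
class User:
    name: str
    role: str
    ui_mode: str           # "quick" or "advanced", from the user's properties


class AccessDenied(Exception):
    pass


def can_read(user, category):
    """Role-based check on a report category."""
    return category in ROLE_REPORTS.get(user.role, frozenset())


def build_scan(user, template, overrides):
    """Merge a user's overrides into the template according to their UI mode."""
    if user.ui_mode == "advanced":
        if user.role not in ADVANCED_VIEW_ROLES:
            raise AccessDenied(f"{user.name} may not use the Advanced View")
    else:
        illegal = set(overrides) & template.locked
        if illegal:
            raise AccessDenied(f"locked options: {sorted(illegal)}")
    merged = {**template.options, **overrides}
    # Whatever the mode, a scan may not leave the hosts the template allows:
    # an unlocked start_url must not become a way to point the scanner at
    # production or at somebody else's site.
    host = urlsplit(merged["start_url"]).hostname
    if host not in merged["allowed_hosts"]:
        raise AccessDenied(f"{host} is outside the template scope")
    return merged


# Constructed template an administrator might publish for Quick Scan users.
TEMPLATE = ScanTemplate(
    name="intranet-default",
    options={
        "start_url": "https://portal.corp.example/",
        "allowed_hosts": frozenset({"portal.corp.example", "portal-qa.corp.example"}),
        "exclude_paths": ("/logout",),
        "max_depth": 5,
        "test_policy": "default",
    },
    locked=frozenset({"allowed_hosts", "exclude_paths", "test_policy"}),
)


def demo():
    """Walk the cases; returns a dict so the outcomes can be checked."""
    dev = User("dana", "developer", "quick")
    mgr = User("sam", "security_manager", "advanced")
    out = {}
    # Quick Scan: the developer retargets the template at QA and shortens the crawl.
    out["dev_depth"] = build_scan(
        dev, TEMPLATE, {"start_url": "https://portal-qa.corp.example/", "max_depth": 2}
    )["max_depth"]
    for key, overrides in (
        ("dev_unlock", {"test_policy": "everything"}),          # locked option
        ("dev_scope", {"start_url": "https://www.example.com/"}),  # out of scope
    ):
        try:
            build_scan(dev, TEMPLATE, overrides)
            out[key] = "allowed"
        except AccessDenied:
            out[key] = "denied"
    # Advanced View exposes every option to the security manager.
    out["mgr_policy"] = build_scan(mgr, TEMPLATE, {"test_policy": "everything"})["test_policy"]
    out["dev_reads_compliance"] = can_read(dev, "compliance")
    return out


if __name__ == "__main__":
    print(demo())
```

The scope check is deliberately applied after the merge and in both modes: locking `allowed_hosts` stops a Quick Scan user from widening the list, but without the host check they could still reach an unapproved target through the unlocked `start_url`.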