
IBM Software Group

2007 IBM Corporation


Introduction to AppScan Enterprise

Contents
- The Application Security Problem
- What is AppScan Enterprise?
- Main Features
- How does AppScan Enterprise work?
- Key Concepts and Terminology
- User Interface Tour

The Web Application Security Reality
[Chart: % of attacks vs. % of security spending by layer (Network, Server, Web Applications). Sources: Gartner, Watchfire]
- Web Applications: 75% of attacks, 10% of security spending
- Network and Server: 25% of attacks, 90% of security spending
- 75% of all attacks on information security are directed to the web application layer
- 2/3 of all web applications are vulnerable

Web Application Security Challenges
1. Security Team Has Become a Bottleneck
2. Lack of Control and Visibility
3. Catching Problems Late in the Cycle
4. Not Monitoring Deployed Applications
5. Difficulty Managing 3rd Party Vendors

Web Application Security Evolution
[Diagram: maturity stages from Unaware to Strategic]
- Unaware
- Outsourced: consultants, pen testing
- Tactical: manual efforts, desktop audit tools, 2-3 internal security experts
- Strategic: enterprise-wide, scalable solution
Solving the problem requires a strategic approach.

What is AppScan Enterprise?
[Diagram: the Security Team uses AppScan Enterprise to integrate web application security in the SDLC]
- SCALE: reuse and run multiple scans across applications
- INFORM: push reports to developers, QA, and non-security staff
- MONITOR: manage problem resolution through trending reports

AppScan Enterprise Key Features & Benefits
1. Enterprise Metrics and Visibility
   - Increase visibility and better understand enterprise risks
2. Controlled, Web-based Application Testing
   - Enable Development and QA to perform testing during the SDLC
   - Control what applications each user can test
3. Controlled, Web-based Report Distribution
   - Easily distribute reports
   - Control the access to information
4. Issue Management
   - Focus on fixing issues, not just finding issues

Multiple Report Levels
- Dashboards
- Report Pack Summaries
- Detailed Reports

Report Categories
- Inventory Reports: Broken Links, Hosts, Pages, etc.
- Security Reports: Application Security Issues, Infrastructure Security Issues, Remediation Tasks, Security Risk Assessment
- Compliance Reports: Safe Harbour, Sarbanes-Oxley Act (SOX), Visa CISP, etc.

User Roles and Access Permissions
[Diagram: the roles Security Manager, Pen Tester, Developer, and Compliance Officer connected to AppScan Enterprise]
AppScan Enterprise lets you:
- Control access to information
- Assign user roles
- Specify what applications a user can scan
- Specify what types of tests a user can perform

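The access model on this slide (roles, a per-user list of applications, and per-role test types) can be enforced as a deny-by-default check before a scan job is created. The following is an added illustration written for this page, not IBM's code and not AppScan Enterprise's actual policy engine; the role names, the test types "content" and "infrastructure" (after the Content Scan Job and Infrastructure Scan Job terminology used later), the users and the applications are all constructed assumptions.

```python
"""Added example (not IBM's or AppScan Enterprise's code): a deny-by-default
authorization check modelled on the access controls the slide lists:
user roles, per-user application allowlists, and per-role test types.
Roles, test types, users and applications below are constructed for illustration."""
from dataclasses import dataclass, field

# Hypothetical mapping from role to the scan test types that role may run.
# Test types follow the deck's terminology (Content Scan Job, Infrastructure Scan Job).
ROLE_TEST_TYPES = {
    "security_manager": {"content", "infrastructure"},
    "pen_tester": {"content", "infrastructure"},
    "developer": {"content"},      # developers test their own application only
    "compliance_officer": set(),   # report consumer: may not launch scans at all
}


@dataclass
class User:
    name: str
    role: str
    applications: set = field(default_factory=set)  # applications this user may scan


@dataclass
class Decision:
    allowed: bool
    reason: str


# Every decision is recorded so denied attempts are visible to the security team.
AUDIT_LOG: list = []


def authorize_scan(user: User, application: str, test_type: str) -> Decision:
    """Deny by default: the role must be known, the role must permit the test
    type, and the application must be assigned to the user."""
    permitted_types = ROLE_TEST_TYPES.get(user.role)
    if permitted_types is None:
        decision = Decision(False, f"unknown role '{user.role}'")
    elif test_type not in permitted_types:
        decision = Decision(False, f"role '{user.role}' may not run '{test_type}' scans")
    elif application not in user.applications:
        decision = Decision(False, f"user '{user.name}' is not assigned application '{application}'")
    else:
        decision = Decision(True, "allowed")
    AUDIT_LOG.append(
        f"{user.name} {test_type} {application} -> "
        f"{'ALLOW' if decision.allowed else 'DENY'}: {decision.reason}"
    )
    return decision


if __name__ == "__main__":
    # Constructed sample users; "store" and "intranet" are made-up application names.
    dev = User("dana", "developer", {"store"})
    auditor = User("chris", "compliance_officer", {"store", "intranet"})
    for u, app, kind in [(dev, "store", "content"), (dev, "store", "infrastructure"),
                         (dev, "intranet", "content"), (auditor, "store", "content")]:
        d = authorize_scan(u, app, kind)
        print(f"{u.name:6} {kind:15} {app:9} -> {'ALLOW' if d.allowed else 'DENY'} ({d.reason})")
```

The check order matters: the role is validated before the application grant, so an account with an unrecognised role is refused even if it has applications assigned, and the audit line is written on every path, not only on denial.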
What does AppScan Enterprise test for?
[Diagram: AppScan Enterprise covers the stack from the network up to the web application]
- Network
- Operating System
- Applications
- Database
- Web Server
- Web Server Configuration
- Third-party Components
- Web Applications

How does AppScan Enterprise work?
- Traverses a web application
- Approaches an application as a black box
- Tests by sending modified HTTP requests
- Thousands of tests for identifying hundreds of vulnerabilities
[Diagram: AppScan Enterprise exchanges HTTP requests and HTTP responses with the web application, which spans web servers, the application, and databases]

AppScan Enterprise Architecture
[Diagram: Clients connect to AppScan Enterprise, which scans the Target Sites]

Terminology
- Content Scan Job
- Infrastructure Scan Job
- Import Job
- Report Pack
- Dashboard
- Folder

Jobs, Report Packs, Reports & Dashboards
[Diagram: Job1 (Security Scan), Job2 (Security Data Import), Job3 (Security Scan), and Job4 (Infrastructure Scan) feed the Global Scan Data; Reports drawn from it are grouped into Report Pack 1, Report Pack 2, and Report Pack 3, which roll up into Dashboard 1 and Dashboard 2]

Web-Based User Interface
- Navigate to AppScan Enterprise, e.g. http://aseserver/appscan
- Enter your user name and password

Quick Scan vs. Advanced View
The UI mode is set in the user's properties.
Quick Scan View
- Makes it easier to create a scan by abstracting complexity
- Leverages scan templates created by the administrator
- Reduces the scan configuration time
- Suitable for developers and QA specialists who create ad-hoc scans
Advanced View
- Exposes all scan options
- Suitable for administrators and advanced users
