A large enterprise might consist of multiple business units, each responsible for ensuring the security of its own web applications. With a separate instance of IBM® Security AppScan® Enterprise (ASE), each business unit can scan its web assets to find vulnerabilities. However, setting up a separate installation of AppScan Enterprise for each business unit can be costly in terms of hardware, maintenance, and labor.
Efficiency improves when the enterprise requires each business unit to scan its web assets from a centralized ASE-based scanner that is made available across all business units. The centralized scanner must provide for data isolation between the business units to keep the scans of individual business units confidential.
To achieve this confidentiality, the enterprise provides each business unit with a separate instance and an isolated database from a single installation of ASE.
This white paper presents design and implementation notes for a centralized ASE-based web security scanning service that provides data isolation, user isolation, and Dynamic Application Security Testing (DAST) agent multiplexing for a typical enterprise.
- Download "Implementing an AppScan Enterprise-based Web Security Solution" from the Security on developerWorks community.