developerWorks

AIX and UNIX
Information Mgmt
Lotus
Rational
Tivoli
WebSphere

Java™ technology
Linux
Open source
SOA and Web services
Web development
XML

My developerWorks
About dW
Submit content
Feedback

Related links
	ISV resources
	alphaWorks (emerging technologies)
	IBM Academic Initiative
	IBM Student Portal
	IBM Virtual Innovation Center (Bus. Partners)
	IBM Redbooks
	IBM Press books
	IBM communities

Local sites
	developerWorks 中国
	developerWorks Japan
	developerWorks 한국
	developerWorks Россия
	developerWorks Brasil
	developerWorks en español
	developerWorks Việt Nam

developerWorks > Rational >

Hacking 102

Integrating application security testing into development

Type: developerWorks Live! briefing


	Select location and register


	Get the presentation

Web application security issues continue to be a top priority. The only real solution is to build security into Web applications from the start. Secure coding practices and developer security tools help to preempt these issues through early discovery. IBM® Rational® AppScan® Developer Edition integrates Web application security testing into development, and Web-based education tools help non-security experts find, understand, and fix security issues. This workshop show you how to use the IBM Rational AppScan family in various stages of the development lifecycle to achieve these goals.

Audience

IT security professionals, quality assurance (Q&A), and application developers.

Duration

Half day hands-on workshop

Details

During this workshop you go through a complete cycle of finding, remediating, and retesting several security issues in a sample application. You'll hear about additional capabilities and more advanced features of the solutions. The workshop includes a brief introduction to Web application security and secure coding practices in general.

In this half-day workshop, learn about:

Web application security risk
Commonly used Web attacks
The importance of identifying and mitigating web application risks and vulnerabilities early in the SDLC
Black box vs white box scanning
Load Eclipse or RAD with Altoro
Demonstrate code changes that can introduce new vulnerabilities
Scan the code and find the vulnerabilities
Understand the risk and exposure associated with the disclosed vulnerabilities
Change the code to remediate the vulnerabilities
Rescan to verify risk mitigation

Download

Description	Name	Size	Download method
Presentation	hacking102presentation.pdf	2.4MB	HTTP


	Information about download methods			Get Adobe® Reader®

Resources

Learn

AppScan demos: Watch and learn.

Get products and technologies

Download IBM product evaluation versions and get your hands on application development tools and middleware products from DB2®, Lotus®, Rational®, Tivoli®, and WebSphere®.
The SOA Sandbox is an excellent resource for education on SOA and real-world experience using IBM SOA software.

Discuss

Participate in the discussion forum.
Check out developerWorks blogs and get involved in the developerWorks community.

Back to top

Document options

Document options requiring JavaScript are not displayed

Discuss

My developerWorks needs you!

Connect to your technical community

Spotlight

	Download a free trial of Rational AppScan Standard or Developer Edition

	Pre-weed your web applications: Rational AppScan demo promotion

	Webcast: Introducing IBM Rational AppScan Tester Edition for Rational Quality Manager

	Webcast: Introducing IBM Rational AppScan Developer Edition

	Tutorial: Create secure Java applications productively

More events

		Conferences and events
		developerWorks events and webcasts