
Create secure Java applications productively, Part 2

Maximize security in your Java Web application with Rational AppScan

David Whitelegg (dw@itsecurityexpert.co.uk), freelance writer and developer

David Whitelegg is a UK-based Certified Information Systems Security Professional (CISSP) and Cisco Certified Security Professional (CCSP) who has worked in information security for almost 15 years. David has been actively involved in securing high-profile Web applications, including high-volume e-commerce and payment solutions, ensuring their full compliance with the Payment Card Industry Data Security Standard (PCI DSS) at Level 1. David is also an active information security blogger and runs the ITSecurityExpert.co.uk Web site.

Summary:  This is the second in a two-part tutorial series on creating secure Java®-based Web applications using Rational® Application Developer, Data Studio and Rational AppScan. In Part 1 you developed a Java Web application with Rational Application Developer and deployed it on WebSphere Application Server using JavaServer Pages (JSP). This tutorial shows you how to scan the Wealth application created in Part 1 with Rational AppScan to discover and fix the Web security vulnerabilities the scanner detects, and then how to re-scan the application to confirm the fixes and generate reports.

Date:  04 May 2008
Level:  Intermediate

Before you start

This tutorial is recommended for Web application developers, Web application testers, quality assurance teams, information security professionals and anyone else who wants to ensure their Web applications are free from the known classes of Web security vulnerabilities that an automated scanner can detect. This tutorial shows how to work toward that goal using IBM Rational AppScan. Note that a clean scan means the scanner found nothing it knows how to find; it is not proof that the application has no vulnerabilities, so scanning complements, rather than replaces, code review and penetration testing.

About this series

This two-part series aims to broaden your Web application development skills through the use of Rational Application Developer, Data Studio and Rational AppScan.

  • Part 1 uses the IDE capabilities of Rational Application Developer and the pureQuery features of Data Studio to efficiently create a Java-based wealth management Web application.
  • Part 2 uses the Rational AppScan features to harden the Java application: you discover vulnerabilities, fix them in the source, and re-scan to verify the fixes, so that you can deploy your Web application with confidence.

About this tutorial

This tutorial shows you how to install, configure and use Rational AppScan to scan the Wealth Java Web application created in Part 1 (see Resources). You will use Rational AppScan scans to find and remove Web security vulnerabilities in your application. Along the way you will learn how to get the most out of Rational AppScan, including:

  • Deployment strategy
  • Customizing a scan template
  • Performing a scan
  • Interpreting and learning from scan results
  • Producing scan reports
  • Using Rational AppScan extensions

This tutorial starts with an overview of Web application security. The overview explains why a tool such as Rational AppScan belongs in the development process of a public-facing Web application, so that vulnerabilities are found and removed before the application is deployed rather than after. It is followed by an overview of Rational AppScan deployment and licensing considerations to help you get the most out of the product.
System requirements

To complete the steps in this tutorial you need:

  • A copy of IBM Rational AppScan Standard Edition with a full or temporary license. The downloadable trial version of Rational AppScan only allows scanning of a default demonstration Web site, so it cannot scan the Wealth application. You may be able to obtain a short-term temporary license from your IBM Rational sales contact.
  • A laptop or workstation with network connectivity to the workstation or server on which you deployed the Wealth application in Part 1.
