The Privilege Escalation Runner automates the scanning with different login credentials, and then continues to perform the Privilege Escalation tests available in IBM Security AppScan.
This eXtension requires IBM Security AppScan Standard 7.5 and above.
To use this eXtension, first record a login sequence with each user role. This can be done by following these steps:
1. Open the Scan Configuration (Shortcut: F10)
2. Make sure the Starting URL is configured
3. Select the Login/Logout tab
4. Select the Recorded Login radio button
5. Press the New button, and record a login sequence
6. Save the login sequence to a file using the Save As button at the bottom
7. Record additional login sequences by repeating steps 5-6
Once the login sequences are recorded, open the extension's main form from Tools > Extensions > Privilege Escalation Runner.
In the form, perform the following steps:
- Browse to a Scan configuration template to use when performing the scans (must include the starting URL)
  - This can be done by configuring the current scan, and then choosing Save As Template within the Scan Configuration Dialog
- Browse to the primary recorded login file, marking a standard user (average permission level)
- Add any additional login sequences for logins with different permissions (e.g. admin, other users, etc.)
- Optionally change the max URLs per scan, scan files location and results file
- Hit Run!
The eXtension will proceed to run individual scans, once with no login and once with each login sequence, and save those scans into the configured folder. When all the scans have run, the scan with the primary login will be configured for Privilege Escalation testing with the other scans, and the test phase will be run with these tests only. Finally, the results will be saved to the results scan file.
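The test phase described above, modelled offline as an added example (this is not the extension's own code; the mock application, its session tokens, its routes and the per-role navigation links are constructed for illustration): one crawl per login, then every URL discovered only under another login is replayed with the primary (standard user) session.

```python
# Constructed mock application standing in for the site under test.
# Session token -> role (None models the "no login" scan).
SESSIONS = {None: "anonymous", "sess-user": "user", "sess-admin": "admin"}

# What the server actually enforces: URL -> roles allowed to load it.
# "/admin/export" is deliberately misconfigured: a standard user may load it.
ALLOWED = {
    "/": {"anonymous", "user", "admin"},
    "/account": {"user", "admin"},
    "/admin/users": {"admin"},
    "/admin/export": {"admin", "user"},
}

# What each role can discover by crawling: the navigation links it is shown.
LINKS = {
    "anonymous": ["/"],
    "user": ["/", "/account"],
    "admin": ["/", "/account", "/admin/users", "/admin/export"],
}


def request(url, session):
    """Return the HTTP status the mock server would answer for this session."""
    role = SESSIONS.get(session, "anonymous")
    if url not in ALLOWED:
        return 404
    if role in ALLOWED[url]:
        return 200
    # Logged-in but unauthorised users get 403; anonymous users are sent to login.
    return 403 if role != "anonymous" else 302


def crawl(session):
    """Stand-in for one AppScan crawl under a login: URLs the role is shown and can load."""
    return {u for u in LINKS[SESSIONS[session]] if request(u, session) == 200}


def privilege_escalation_findings(primary, others):
    """primary: the standard user's session; others: the remaining login sessions.
    Each URL reachable in another login's crawl but absent from the primary crawl is
    replayed with the primary session; a 200 means the lower-privileged user reached it.
    (A real test also compares bodies, so a 200 login page is not counted as a hit.)"""
    primary_urls = crawl(primary)
    findings = []
    for other in others:
        for url in sorted(crawl(other) - primary_urls):
            if request(url, primary) == 200:
                findings.append((url, SESSIONS[other]))
    return findings
```

Running `privilege_escalation_findings("sess-user", [None, "sess-admin"])` reports only `/admin/export`, since `/admin/users` is correctly refused and the anonymous crawl discovers nothing the standard user did not already see.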
This eXtension is not officially supported; it is provided "as-is" by IBM.
| Download | File | Size |
|---|---|---|
| eXtension (AppScan Standard v8.5 and below) | PrivilegeEscalationRunnerExtension-bin-1.0.zip | 15KB |
| eXtension source (AppScan Standard v8.5 and below) | PrivilegeEscalationRunnerExtension-src-1.0.zip | 23KB |
| eXtension (AppScan Standard v8.6 and above) | PrivilegeEscalationRunnerExtension-bin-2.0.zip | 90KB |
| eXtension source (AppScan Standard v8.6 and above) | PrivilegeEscalationRunnerExtension-src-2.0.zip | 95KB |
- Google Code Project.
- In the IBM Security AppScan area on developerWorks, get the resources you need to advance your skills in the testing arena.