Skip to main content

By clicking Submit, you agree to the developerWorks terms of use.

The first time you sign into developerWorks, a profile is created for you. Select information in your developerWorks profile is displayed to the public, but you may edit the information at any time. Your first name, last name (unless you choose to hide them), and display name will accompany the content that you post.

All information submitted is secure.

  • Close [x]

The first time you sign in to developerWorks, a profile is created for you, so you need to choose a display name. Your display name accompanies the content you post on developerworks.

Please choose a display name between 3-31 characters. Your display name must be unique in the developerWorks community and should not be your email address for privacy reasons.

By clicking Submit, you agree to the developerWorks terms of use.

All information submitted is secure.

  • Close [x]

Select a language:

  • Close [x]
  • Close [x]

Web application security

Introduction to Rational AppScan automated scanning

Date:  07 Oct 2011 (Published 28 Jun 2011) |Level: Introductory ||

Sign in to save your progress (Learn more)

Saving your progress (Learn more)

1. Review what's important to ask at the planning stage

Read: Planning a security strategy: Three core questions to ask(Security teams are overwhelmed by the increasing need to safeguard their information assets. Simultaneously, CEOs are thinking of how to cost-effectively ensure security across their organizations that often span geographic borders. They all want a simple answer to a complex question: Where do I begin? That's what this article is about.)Item marked not complete - Click to mark complete

Watch: IBM application security solutions, brief demonstrations(See brief demos of IBM Rational AppScan and IBM Tivoli Access Manager. These two products complement each other. Tivoli Access Manager grants access to web applications, and Rational AppScan ensures that these applications are scanned and tested for vulnerabilities.)Item marked not complete - Click to mark complete

2. Evaluate your risk and implementation strategy

Read: Web application security: automated scanning versus manual penetration testing (PDF)(In this IBM Redguide publication, we explain how your organization can evaluate its risk for hackers entering into your systems. We also explain how your organization can implement security testing and integrate solutions to improve security and protect your information assets.)Item marked not complete - Click to mark complete

3. Consider the advantages of automated scanning

Read: Web application security: automated scanning versus manual penetration testing (PDF)(As web applications become increasingly complex, tremendous amounts of sensitive data are exchanged and stored, including personal, medical and financial information. Consumers expect and even demand that this information be kept secure. There are two primary methods for discovering web application vulnerabilities: using manual penetration testing and code review or using automated scanning tools and static analysis. This white paper compares these two methods.)Item marked not complete - Click to mark complete

4. Decide which Rational AppScan edition fits your needs

Read: AppScan edition comparison chart(Rational AppScan is available in several editions: Source, Standard, Enterprise, Reporting, Console, Build, Tester, Express, and OnDemand. This chart of the differences among the editions will help you decide which works best for you.)Item marked not complete - Click to mark complete

Read: AppScan Standard Edition(Rational AppScan Standard Edition automates vulnerability testing to help protect against the threat of cyber-attack with a solution that combines dynamic analysis, static JavaScript analysis, and ease of use.)Item marked not complete - Click to mark complete

Read: AppScan Express Edition(By enabling small and mid-sized businesses to evaluate your web security posture on an ongoing basis, rather than performing quarterly or yearly audits, Rational AppScan Express Edition can yield much higher levels of security and, at the same time, help dramatically reduce costs.)Item marked not complete - Click to mark complete

Read: AppScan Source Edition overview: Finding security flaws in application source code(The AppScan Source Edition integrates security testing into the software development life cycle, while helping development teams, security analysts, auditors, and compliance managers strengthen application security, protect confidential information, and improve governance, risk management and compliance.)Item marked not complete - Click to mark complete

5. Learn how to scan your web application for vulnerabilities

Watch: AppScan Standard - Scanning a web Application(This demo takes you through the process of scanning a web application for security vulnerabilities using Rational AppScan Standard Edition.)Item marked not complete - Click to mark complete

6. Install the Rational AppScan free trial and evaluate the software

Practice: AppScan trialItem marked not complete - Click to mark complete




Rate this content



Give us feedback

Submission failed. Please try again.

Please complete one of the following questions before submitting.

1. Are you finished with this knowledge path?

       

2. How much did you learn?

           

3. Tell us more

  • What did you like/dislike?
  • What can we do better?

2500 characters left

Disabled Submit button

Close [x]

Add to My dW interests

Submission failed. Please try again.

Topics:

  • Security

My profile

Close [x]

developerWorks: Sign in


Need an IBM ID?
Forgot your IBM ID?


Forgot your password?
Change your password

By clicking Submit, you agree to the developerWorks terms of use.

 

The first time you sign into developerWorks, a profile is created for you. Select information in your developerWorks profile is displayed to the public, but you may edit the information at any time. Your first name, last name (unless you choose to hide them), and display name will accompany the content that you post.

All information submitted is secure.

Close [x]

Choose your display name

The first time you sign in to developerWorks, a profile is created for you, so you need to choose a display name. Your display name accompanies the content you post on developerWorks.

Please choose a display name between 3-31 characters. Your display name must be unique in the developerWorks community and should not be your email address for privacy reasons.

(Must be between 3 – 31 characters.)

By clicking Submit, you agree to the developerWorks terms of use.

 

All information submitted is secure.

Close [x]

Save your progress Green checked checkmark

When you sign in, we will save this item to your developerWorks community home page and track your progress so you know what you've completed and where to resume when you return.

For a list of your saved items, see your My Home > My saved items page.

Close [x]

Thank you for your feedback. We appreciate your sharing your opinion with us.

Close [x]

Do you want to save your progress?

, Sign in to save your progress

Close [x]

Save your progress

Sorry. Our server is not available, and we cannot display your saved progress at this time.

Your progress will be displayed when the server is available again. Any previous progress is retained, and additional progress is being tracked.

If your most recent progress is not displayed within 24 hours, you can click the checkmark to indicate completion.

Close [x]

Help: Update or add to My dW interests

What's this?

This little timesaver lets you update your developerWorks profile. The general subjects of this content will be added to the interests section of your profile, along with the associated technical topics. You only need to be signed in to developerWorks.

And what's the point of adding your interests to your profile? That's how you find other users with the same interests as yours, and see what they're reading and contributing to the community. Your interests also help us recommend relevant developerWorks content to you.

View your developerWorks profile

Return from help

About this knowledge path

The need for application security is becoming greater than ever, yet the task of securing your application manually can be daunting and time-consuming, at the least. This knowledge path introduces developers to automated vulnerability scanning with Rational AppScan software and gives you an overview of the functions that it can perform, as well as how to do basic scanning tasks.

Activities in this path

  1. Review what's important to ask at the planning stage
  2. Evaluate your risk and implementation strategy
  3. Consider the advantages of automated scanning
  4. Decide which Rational AppScan edition fits your needs
  5. Learn how to scan your web application for vulnerabilities
  6. Install the Rational AppScan free trial and evaluate the software

Related resources

Share this page:

  • Close [x]

Follow developerWorks:

  • Close [x]
static.content.url=http://www.ibm.com/developerworks/js/artrating/
SITE_ID=1
Zone=Rational
ArticleID=756182
publish-date=10072011