Comments (3)

1 Dinis_Cruz commented Permalink

So what would this AppScan security appliance look like?

Our first step should be to define what the first PoC should look like.

What AppScan products would be in there?
What would be the workflows?
What already exists (in terms of APIs and Web Interfaces) with the existing AppScan products?
What would need to be developed?
Where should the PoC be hosted?

2 sp1r0 commented Permalink

K698_Dinis_Cruz:

 

3 sp1r0 commented Permalink

I think a good start would be to have a server installation running:

 
-- AppScan Source for Security (whitebox)
-- Standard (blackbox)
-- AppScan Enterprise (web based scanning and reporting)
-- Some type of Continuous Integration environment
-- Appropriate development environment IDEs, SDKs, and build tools
-- Local GitHub repository to manage artifacts
-- Typical suite of security tools and scripts
-- VPN Tunnel / Remote Access into this environment
 
Am I missing anything? The workflow seems like it deserves a new post since there are a couple of really key concepts that need some real investigation as I see it.