
with Tags: url_mapping

Source Edition Results Plug-in For AppScan Standard – Application Injection Part 2
To illustrate a real-world application for the technique described in Application Injection, we are going to use the O2 REPL functionality to modify the running process, in real-time, to add a Source Edition Results Plug-in to AppScan Standard. The resulting prototype is a way to display and map Static and Dynamic Analysis results for a given application that allows for a very interesting perspective - one that highlights the strengths and weaknesses of both technologies and allows for a deeper and more accurate investigation. ... [More]
Tags:  url_mapping f4f appscan_appliance application_injection wafl appscan_source hijacking correlation callbacks source_scans_on_demand appscan_on_demand appscan_web_portal source_code frameworks web_application_framework...
The AppScan Appliance - Proof Of Concept Definition
The AppScan Appliance – Proof Of Concept Architecture and Application Security Process. Following some great feedback I received on my previous post regarding the concept of an AppScan Security Appliance, How The Mainframe Can Transform Application Security, I want to further define a potential high level architecture along with a set of processes for integration into the application development life cycle. The goal here is to start down the path towards a Proof Of Concept including a prototype in order to demonstrate what I believe will... [More]
Tags:  mvc static_analysis appscan_appliance struts spring url_mapping ounce dynamic_analysis appscan_source results correlation wafl frameworks appscan_for_analysis appscan findings appscan_correlation sp1r0 findings_viewer o2
Mapping Entrypoint URLs To AppScan Source Findings
Findings / Entrypoint Viewer with URL Mapping Tool. Following up on my previous, high-level overview of the Web Application Framework Language (WAFL) and how it is incorporated into an AppScan Source Analysis, I want to demonstrate a tool which uncovers one of the hidden gems contained in the .wafl file...the application Entrypoints. Below are screenshots of using this tool with Altoro2, a sample application used for demonstration of both AppScan Blackbox and Whitebox technologies. I'll continue to use this application as a sample in my... [More]
Tags:  cross_site_scripting customization trace_stitching asp.net integration java url web_application_framework... url_mapping o2platform sql_injection secure_by_design wafl asp.net_mvc correlation ibm xss
WAFL - The AppScan Web Application Framework Language
AppScan Source has a [not-so] secret weapon in the Battle for Visibility: WAFL. The Web Application Framework Language (WAFL) was designed as a Framework for Frameworks (F4F) by the Ounce Analysis Engine Team to model the effects that modern frameworks have on the data flowing through an application. Although this technology is mainly utilized behind the scenes to provide support for specific Java Frameworks, such as Spring MVC and Struts, as well as generic .NET framework validation and data binding - the information captured in the .wafl... [More]
Tags:  ibm asp.net cross_site_scripting o2platform customization trace_stitching asp.net_mvc wafl url_mapping web_application_framework... secure_by_design url correlation xss sql_injection integration java