• 1 reply
  • Latest Post - ‏2014-09-11T06:04:39Z by MarekStepien
1 Post

Pinned topic AppScan Standard 9.0 ,GlassBox features questions

‏2014-08-28T05:07:13Z |

Hi All,

Kindly help me in solving these queries:

1. Benefit of using Glass box scan apart from revealing unreferenced parameters at application server. (In context with Fiddler, HTTPWatcher), what extra and unique information glass box scan provides.


2. The sample screen shots highlights class Name (DBUtil.class), what internal mechanism glass box scan use/ how it provides class name and most important- the SQL query. Does appscan use some decompiler? Kindly provide detailed information.

**Note: see attached Image: GlassBox.jpeg

 3. Is it possible to customize standard compliance reports? If yes, How?

4. Information regarding dataset. Where AppScan stores vulnerability dataset?

5. Do AppScan collects any confidential information related to application?

6. Regarding Continuous integration with AppScan? Can it be integrated with Jenkins, SVN?

7. Support for testing RestFul Web Services?

8. Whether AppScan is capable of handling Flash based login? Like testing games build using Flash.



  • MarekStepien
    105 Posts

    Re: AppScan Standard 9.0 ,GlassBox features questions


    This is a lot of general and deep questions. Let me answer some of them.

    4. AppScan stores the vulnerabilities in an internal encrypt database.

    5. It depends what you mean by confidential. The confidential information may be the user name and password that you give to AppScan in order to login into the application.  The information that AppScan gather is what the users can get from the application using a regular browser (AppScan uses HTTP protocol to access the application, in the same way as regular browser does).

    6. AppScan is a UI application, but it also has a lot of functions in Command Line interface. I guess those command lines can be integraded with Jenkins. However, I have not heard anybody doing it.

    7. Consult

    8. AppScan is able to handle Flash files, however the options to parse and to execute Flash file needs to be set (they are not set by default).

    Updated on 2014-09-11T06:05:02Z at 2014-09-11T06:05:02Z by MarekStepien