1 reply Latest Post - ‏2014-09-11T06:04:39Z by MarekStepien
RFT_Sj

AppScan Standard 9.0, GlassBox features questions

2014-08-28T05:07:13Z

Hi All,

Kindly help me in solving these queries:

1. What is the benefit of using glass box scan, apart from revealing unreferenced parameters at the application server? (In context with Fiddler, HTTPWatcher) what extra and unique information does glass box scan provide?

 

2. The sample screenshots highlight the class name (DBUtil.class). What internal mechanism does glass box scan use, and how does it provide the class name and, most importantly, the SQL query? Does AppScan use some decompiler? Kindly provide detailed information.

**Note: see attached Image: GlassBox.jpeg

3. Is it possible to customize standard compliance reports? If yes, how?

4. Information regarding the dataset: where does AppScan store the vulnerability dataset?

5. Does AppScan collect any confidential information related to the application?

6. Regarding continuous integration with AppScan: can it be integrated with Jenkins, SVN?

7. Is there support for testing RESTful web services?

8. Is AppScan capable of handling Flash-based login, like testing games built using Flash?

Regards


  • MarekStepien
    ACCEPTED ANSWER

    Re: AppScan Standard 9.0, GlassBox features questions

    ‏2014-09-11T06:04:39Z  in response to RFT_Sj

    These are a lot of general and deep questions. Let me answer some of them.

    4. AppScan stores the vulnerabilities in an internal encrypted database.

    5. It depends what you mean by confidential. The confidential information may be the user name and password that you give to AppScan in order to log in to the application. The information that AppScan gathers is what the users can get from the application using a regular browser (AppScan uses the HTTP protocol to access the application, in the same way as a regular browser does).

    6. AppScan is a UI application, but it also has a lot of functions in the command-line interface. I guess those command lines can be integrated with Jenkins. However, I have not heard of anybody doing it.

    7. Consult http://www.ibm.com/support/docview.wss?uid=swg21622568

    8. AppScan is able to handle Flash files; however, the options to parse and to execute Flash files need to be set (they are not set by default).
     

    Updated on 2014-09-11T06:05:02Z at 2014-09-11T06:05:02Z by MarekStepien