1 - 27 of 27 results
IBM Security AppScan Source Quick Process Guide
Discover an easy-to-understand process you can use to produce comprehensive, dependable, and actionable security findings using IBM Security AppScan Source. The process described in this tutorial helps security auditors and developers take their AppScan Source scan results to the next level, by customizing AppScan Source to their organization's application technologies and enforcing their application security policies, using tools already available in AppScan Source.
Articles 11 Sep 2014
Identify and avoid false positives with IBM AppScan
IBM Security AppScan is a tool that performs dynamic security scanning of web applications and services to identify the security vulnerabilities that are present in applications. Along with valid vulnerabilities, an automated scanning tool can also report vulnerabilities that turn out to be invalid upon further manual analysis. These "vulnerabilities" are commonly known as false positives. In this article, we discuss some common false positives reported by AppScan and provide guidance on how a tester can validate whether the reported issue is a false positive or not. Additionally, the article explains how to avoid such false positives from being reported by making the proper configuration changes to the AppScan tool.
Also available in: Japanese  
Articles 31 Aug 2016
Streamline your organization's mobile application security testing program with IBM Security AppScan Source 9.0
Many applications today are written for mobile devices. These applications are developed and released at a rapid speed. Yet the security of many of these applications remains a major concern. AppScan Source 9.0 streamlines your organization’s mobile application security testing with the introduction of local mode, integration with IBM Worklight, and by expanding its support of the Mac platform.
Also available in: Russian  
Articles 17 Jun 2014
Implementing an AppScan Enterprise-based Web Security Solution
Learn to design and implement an installation of AppScan Enterprise that enables multiple business units within a company to have separate, independent instances of AppScan Enterprise from a single installation.
Articles 11 Feb 2014
IBM Rational AppScan: Hacking Web applications by using cookie poisoning
This article explains why session management and session management security are complex tasks, which is why they are usually left for commercial products to handle. The article describes how the tokens are generated for two commercial application engines. The author then analyzes the strength of each mechanism, explains its weakness, and demonstrates how such weakness can be exploited to execute an impersonation and privacy breach attack. He also discusses the feasibility of the attack. Lastly, he recommends an approach to session management that separates the security from the functionality, with the latter carried out by application engines, but the former provided by a dedicated application security product.
Also available in: Chinese  
Articles 01 Apr 2008
AppScan 9.0 Standard Report Templates: Modifying reports with Microsoft Word
In this white paper you learn to export report templates from AppScan Standard, modify them with Microsoft Word, and import them back to AppScan Standard. This feature, new in Version 9.0, makes it easy to customize reports.
Articles 19 May 2014
Optimize your AppScan Enterprise scans
The practices described in this white paper will help security testers configure and run more successful scans with IBM Security AppScan Enterprise Edition.
Articles 08 Aug 2014
Case study: AppScan security scan of Rational Focal Point
Using IBM Rational Focal Point as an example, Shivakumar Patil describes using IBM Security AppScan Standard edition to test web-based applications and their external endpoints, such as SOAP and REST web services.
Articles 29 Jan 2013
IBM Security AppScan Source: Explore functions
This is a summary guide to learn the basics of using IBM Security AppScan Source Edition. Derek Chowaniec will show you how to configure applications for scanning, alter the scanning configuration for your security needs, use the integrated tools to build a report, triage the information based on your findings, and configure the system to scan and analyze precompiled code. Tom Mulvehill shows you how to hunt down vulnerabilities in Android applications.
Articles 11 Jul 2013
Importing .scan files into AppScan Enterprise
IBM Security AppScan Enterprise is deployed at the organization level within an enterprise to provide application scanning and centralized dashboard reporting about the scans' findings. Security testers often install IBM Security AppScan Standard on their laptop and desktop computers to scan applications because AppScan Standard is more flexible and portable. To provide a complete picture of the scan results in the AppScan Enterprise dashboard, the security testers must import their scan results from AppScan Standard into AppScan Enterprise. This document gives step-by-step instructions for exporting .scan files from AppScan Standard and importing them into AppScan Enterprise.
Articles 11 Mar 2014
Automated vulnerability scanning of web applications with Rational AppScan
This article uses two examples to explain how to use Rational AppScan Standard Edition v8.5 for automated security vulnerability testing of web and web service applications. The authors also set the stage for examples to explore the regulatory compliance reporting capabilities.
Also available in: Chinese  
Articles 13 Dec 2011
Introduction to Manual Explorer in IBM Security AppScan Enterprise 8.7
IBM Security AppScan Enterprise V8.7 includes the new Manual Explorer tool, which helps security analysts find more URLs and explore pages that are difficult to explore with automated explorer tools. The Security AppScan Enterprise team has improved the Manual Explorer to address some drawbacks of the earlier plug-in. Currently, Security AppScan Enterprise V8.7 supports both the Manual Explorer tool and the Manual Explore plug-in. In this article, learn about the new Manual Explorer tool by using step-by-step instructions to install and configure the tool.
Articles 21 May 2013
Automated security testing with IBM Security AppScan Enterprise 8.7 and Selenium IDE
Learn how quality assurance testers seeking increased automation within the software development life cycle can leverage IBM Security AppScan Enterprise and the Selenium IDE browser plug-in for Firefox to include dynamic application security testing in their functional tests.
Articles 02 Dec 2013
IBM Rational AppScan: Cross-site scripting explained
Learn how hackers launch a cross-site scripting (XSS) attack, what damage it does (and doesn't), how to detect these attacks, and how to prevent your Web site and your site visitors from these malicious invasions of privacy and security.
Also available in: Chinese  
Articles 25 Mar 2008
Introduction to AppScan Policies
IBM Security AppScan is a tool that provides automated security scanning of web applications. Each scan policy within IBM Security AppScan covers a particular aspect of application security. Using the right policy produces optimal scanning results and reduces false positives. In this article, get an overview of IBM Security AppScan policies, and learn which policy is optimal based on the type of application and its stage of development. The article also provides a side-by-side policy comparison that details each scan policy that is offered by the IBM Security AppScan tool.
Articles 13 Nov 2012
IBM Security AppScan Standard: Scan and analyze results
This is a summary guide to getting started scanning for web application vulnerabilities with IBM Security AppScan Standard Edition and analyzing the results. Watch a video demonstration to learn how to configure AppScan for a dynamic scan of a new application. Follow a case study that demonstrates using AppScan Standard to scan and test two web applications. Watch a five-step process to help you analyze the results of your scan. Then watch a real-life scenario in which AppScan Standard is used (with AppScan Source) to establish embedded security analysis. A bonus is also included: An AppScan Standard guide to testing mobile applications.
Articles 19 Jun 2013
Validating CSRF vulnerabilities reported by automated scanners
This tutorial covers how to manually validate cross-site request forgery (CSRF) vulnerabilities that can be reported by an automated security scanner, such as IBM AppScan. Most automated scanners, including IBM AppScan, do not accurately report CSRF vulnerabilities, as they are built on predefined rules and cannot completely determine the legitimacy of certain types of vulnerabilities like CSRF. To validate such issues, one needs to manually reproduce the vulnerability and decide whether it is indeed true or a false alarm. This tutorial is a step-by-step guide to reproduce and validate the reported CSRF vulnerabilities by using a custom-made flow chart and also provides guidance on using the open source tool "CSRF Tester" that provides a rich functionality to validate such vulnerabilities. 
Articles 27 Nov 2017
Fight against SQL injection attacks
In the world of security exploits, one vulnerability, although easily resolved, is number one on the OWASP top 10: the Structured Query Language (SQL) injection attack. Although this class has existed since 1995, it remains one of the most prevalent attacks on web assets. Get to know the SQL injection attack and discover how it's carried out on a production website. Then learn how to test a website for this class of vulnerability by using IBM Security AppScan Standard.
Also available in: Russian, Japanese
Articles 04 Feb 2014
Create secure Java applications productively, Part 2
This is the second in a two-part tutorial series on creating secure Java-based Web applications using Rational Application Developer, Data Studio and Rational AppScan. In Part 1 you developed a Java Web application with Rational Application Developer, and then deployed the application on WebSphere Application Server with Java Server Pages (JSP). This tutorial shows you how to scan the Wealth application created in Part 1 using Rational AppScan to discover and fix all known Web security vulnerabilities. It also shows how to re-scan your application and generate reports.
Tutorial 04 May 2008
Assess the vulnerability of an enterprise's applications and network
This tutorial describes effective ways of conducting vulnerability assessments of web applications and networks in any organization and illustrates how to proactively defend against cyber attacks using a combination of enterprise-grade and trustworthy vulnerability scanners such as Tenable Nessus Scanner and IBM Security AppScan Enterprise.
Tutorial 23 Aug 2016
Secure your mobile applications
With the explosive growth in the mobile ecosystem, mobile application security is a huge concern. New mobile application designs require new ways of testing to ensure data safety. In this article, explore different aspects of mobile application security. With hands-on examples, learn to use IBM Security AppScan Standard with mobile user agents and with emulators and actual devices for Android and iOS.
Also available in: Russian  
Articles 16 Apr 2013
OWASP top 10 vulnerabilities
Look at the top 10 web application security risks worldwide as determined by the Open Web Application Security Project. Then discover how IBM Security AppScan helps website administrators find, correct, and avoid these and other web security threats.
Articles 20 Apr 2015
Static and dynamic testing in the software development life cycle
Yesterday, the idea of application security was mostly an afterthought. But given the plethora of news on hacking and underground economies for exploits, security testing is now an integral part of the software development life cycle. This article explores two aspects of security testing and the open source tools that simplify their execution.
Articles 26 Aug 2013
Optimize security by combining data from across the infrastructure
Learn how IBM Security provides the best security insight by combining data from across an organization's entire infrastructure.
Articles 09 Jul 2013
Planning a security strategy: Three core questions to ask
Security teams are overwhelmed by the increasing need to safeguard their information assets. Simultaneously, CEOs are thinking of how to cost-effectively ensure security across their organizations that often span geographic borders. They all want a simple answer to a complex question: Where do I begin? That's what this article is about.
Also available in: Chinese  
Articles 29 Oct 2009
Prevent cross-site request forgery: Know the hidden danger in your browser tabs
Explore two strategies to help prevent cross-site request forgery attacks as you review a detailed, step-by-step cross-site request forgery attack scenario. Also, look at some issues for scanning tools as they try to find cross-site request forgery vulnerabilities.
Also available in: Chinese, Russian, Japanese
Articles 25 Mar 2014
System security and practical penetration testing
Evolving vulnerabilities in web-facing applications are a growing and troublesome trend. This fact, coupled with a growing community of cybercriminals and hacktivists, means that your applications could be the next new example of a high-profile breach. Discover some of the tools the hacking community uses, and learn how you can protect yourself against them.
Also available in: Russian  
Articles 24 Sep 2013