1 - 42 of 42 results
Scan your app to find and fix OWASP Top 10 - 2017 vulnerabilities
Today's modern web applications are more than a match for most desktop PC applications and continue to push boundaries by taking advantage of limitless cloud services. But more powerful web applications mean more complicated code, and the more complicated the code, the greater the risk of coding flaws, which can lead to serious security vulnerabilities within the application. Web application vulnerabilities face exploitation by relentless malicious actors, bent on profiteering from data theft or gaining online notoriety by causing mischief. This article looks at securing web applications by adopting industry best application development practices, such as the OWASP Top 10, and by using web application vulnerability scanning tools, like IBM Rational AppScan.
Also available in: Russian  
Articles 12 Dec 2017
Validating CSRF vulnerabilities reported by automated scanners
This tutorial covers how to manually validate cross-site request forgery (CSRF) vulnerabilities that can be reported by an automated security scanner, such as IBM AppScan. Most automated scanners, including IBM AppScan, do not accurately report CSRF vulnerabilities, as they are built on predefined rules and cannot completely determine the legitimacy of certain types of vulnerabilities like CSRF. To validate such issues, one needs to manually reproduce the vulnerability and decide whether it is indeed true or a false alarm. This tutorial is a step-by-step guide to reproducing and validating the reported CSRF vulnerabilities by using a custom-made flow chart, and it also provides guidance on using the open source tool "CSRF Tester", which provides rich functionality to validate such vulnerabilities.
Articles 27 Nov 2017
Identify and avoid false positives with IBM AppScan
IBM Security AppScan is a tool that performs dynamic security scanning of web applications and services to identify the security vulnerabilities that are present in applications. Along with valid vulnerabilities, an automated scanning tool can also report vulnerabilities that turn out to be invalid upon further manual analysis. These "vulnerabilities" are commonly known as false positives. In this article, we discuss some common false positives reported by AppScan and provide guidance on how a tester can validate whether the reported issue is a false positive or not. Additionally, the article explains how to avoid such false positives from being reported by making the proper configuration changes to the AppScan tool.
Also available in: Japanese  
Articles 31 Aug 2016
Assess the vulnerability of an enterprise's applications and network
This tutorial describes effective ways of conducting vulnerability assessments of web applications and networks in any organization and illustrates how to proactively defend against cyber attacks using a combination of enterprise-grade and trustworthy vulnerability scanners such as Tenable Nessus Scanner and IBM Security AppScan Enterprise.
Tutorial 23 Aug 2016
Custom Test Creator
This extension allows users to extend the tests executed by AppScan.
Downloads 22 Jun 2015
Mail-E-Vent
Mail-E-Vent adds the ability of sending email notifications to Security AppScan. Users can configure which events will trigger an email, as well the ability to send a PDF report at the end of the scan.
Downloads 27 Apr 2015
Speak and Scan
This eXtension uses the Microsoft Win32 Speech API (SAPI) to make IBM Security AppScan speak in a human voice when certain events occur during a scan. You can configure which voices will be used through the Windows text-to-speech (TTS) engine.
Downloads 27 Apr 2015
OWASP top 10 vulnerabilities
Look at the top 10 web application security risks worldwide as determined by the Open Web Application Security Project. Then discover how IBM Security AppScan helps website administrators find, correct, and avoid these and other web security threats.
Articles 20 Apr 2015
IBM Security AppScan Source Quick Process Guide
Discover an easy-to-understand process you can use to produce comprehensive, dependable, and actionable security findings using IBM Security AppScan Source. The process described in this tutorial helps security auditors and developers take their AppScan Source scan results to the next level, by customizing AppScan Source to their organization's application technologies and enforcing their application security policies, using tools already available in AppScan Source.
Articles 11 Sep 2014
Optimize your AppScan Enterprise scans
The practices described in this white paper will help security testers configure and run more successful scans with IBM Security AppScan Enterprise Edition.
Articles 08 Aug 2014
IBM Security AppScan
Download a free trial version of IBM Security AppScan Standard Edition, a leading web application security testing tool that automates vulnerability assessments and scans and tests for all common Web application vulnerabilities including SQL-injection, cross-site scripting and buffer overflow.
Also available in: Chinese, Portuguese, Spanish
Trial Downloads 21 Jul 2014
Streamline your organization's mobile application security testing program with IBM Security AppScan Source 9.0
Many applications today are written for mobile devices. These applications are developed and released at a rapid speed. Yet the security of many of these applications remains a major concern. AppScan Source 9.0 streamlines your organization’s mobile application security testing with the introduction of local mode, integration with IBM Worklight, and by expanding its support of the Mac platform.
Also available in: Russian  
Articles 17 Jun 2014
AppScan 9.0 Standard Report Templates: Modifying reports with Microsoft Word
In this white paper you learn to export report templates from AppScan Standard, modify them with Microsoft Word, and import them back to AppScan Standard. This feature, new in Version 9.0, makes it easy to customize reports.
Articles 19 May 2014
Prevent cross-site request forgery: Know the hidden danger in your browser tabs
Explore two strategies to help prevent cross-site request forgery attacks as you review a detailed, step-by-step cross-site request forgery attack scenario. Also, look at some issues for scanning tools as they try to find cross-site request forgery vulnerabilities.
Also available in: Chinese, Russian, Japanese
Articles 25 Mar 2014
Importing .scan files into AppScan Enterprise
IBM Security AppScan Enterprise is deployed at the organization level within an enterprise to provide application scanning and centralized dashboard reporting about the scan findings. Security testers often install IBM Security AppScan Standard on their laptop and desktop computers to scan applications because AppScan Standard is more flexible and portable. To provide a complete picture of the scan results in the AppScan Enterprise dashboard, the security testers must import their scan results from AppScan Standard into AppScan Enterprise. This document provides step-by-step instructions for exporting .scan files from AppScan Standard and importing them into AppScan Enterprise.
Articles 11 Mar 2014
Implementing an AppScan Enterprise-based Web Security Solution
Learn to design and implement an installation of AppScan Enterprise that enables multiple business units within a company to have separate, independent instances of AppScan Enterprise from a single installation.
Articles 11 Feb 2014
Fight against SQL injection attacks
In the world of security exploits, one vulnerability, although easily resolved, is number one on the OWASP top 10: the Structured Query Language (SQL) injection attack. Although this class has existed since 1995, it remains one of the most prevalent attacks on web assets. Get to know the SQL injection attack and discover how it's carried out on a production website. Then learn how to test a website for this class of vulnerability by using IBM Security AppScan Standard.
Also available in: Russian, Japanese
Articles 04 Feb 2014
Automated security testing with IBM Security AppScan Enterprise 8.7 and Selenium IDE
Learn how quality assurance testers seeking increased automation within the software development life cycle can leverage IBM Security AppScan Enterprise and the Selenium IDE browser plug-in for Firefox to include dynamic application security testing in their functional tests.
Articles 02 Dec 2013
System security and practical penetration testing
Evolving vulnerabilities in web-facing applications are a growing and troublesome trend. This fact, coupled with a growing community of cybercriminals and hacktivists, means that your applications could be the next new example of a high-profile breach. Discover some of the tools the hacking community uses, and learn how you can protect yourself against them.
Also available in: Russian  
Articles 24 Sep 2013
Static and dynamic testing in the software development life cycle
Yesterday, the idea of application security was mostly an afterthought. But given the plethora of news on hacking and underground economies for exploits, security testing is now an integral part of the software development life cycle. This article explores two aspects of security testing and the open source tools that simplify their execution.
Articles 26 Aug 2013
IBM Security AppScan Source: Explore functions
This is a summary guide to learn the basics of using IBM Security AppScan Source Edition. Derek Chowaniec will show you how to configure applications for scanning, alter the scanning configuration for your security needs, use the integrated tools to build a report, triage the information based on your findings, and configure the system to scan and analyze precompiled code. Tom Mulvehill shows you how to hunt down vulnerabilities in Android applications.
Articles 11 Jul 2013
Optimize security by combining data from across the infrastructure
Learn how IBM Security provides the best security insight by combining data from across an organization's entire infrastructure.
Articles 09 Jul 2013
IBM Security AppScan Standard: Scan and analyze results
This is a summary guide to getting started scanning for web application vulnerabilities with IBM Security AppScan Standard Edition and analyzing the results. Watch a video demonstration to learn how to configure AppScan for a dynamic scan of a new application. Follow a case study that demonstrates using AppScan Standard to scan and test two web applications. Watch a five-step process to help you analyze the results of your scan. Then watch a real-life scenario in which AppScan Standard is used (with AppScan Source) to establish embedded security analysis. A bonus is also included: An AppScan Standard guide to testing mobile applications.
Articles 19 Jun 2013
Introduction to Manual Explorer in IBM Security AppScan Enterprise 8.7
IBM Security AppScan Enterprise V8.7 includes the new Manual Explorer tool, which helps security analysts find more URLs and explore pages that are difficult to explore with automated explorer tools. The Security AppScan Enterprise team has improved the Manual Explorer to address some drawbacks of the earlier plug-in. Currently, Security AppScan Enterprise V8.7 supports both the Manual Explorer tool and the Manual Explore plug-in. In this article, learn about the new Manual Explorer tool by using step-by-step instructions to install and configure the tool.
Articles 21 May 2013
Secure your mobile applications
With the explosive growth in the mobile ecosystem, mobile application security is a huge concern. New mobile application designs require new ways of testing to ensure data safety. In this article, explore different aspects of mobile application security. With hands-on examples, learn to use IBM Security AppScan Standard with mobile user agents and with emulators and actual devices for Android and iOS.
Also available in: Russian  
Articles 16 Apr 2013
Case study: AppScan security scan of Rational Focal Point
Using IBM Rational Focal Point as an example, Shivakumar Patil describes using IBM Security AppScan Standard edition to test web-based applications and their external endpoints, such as SOAP and REST web services.
Articles 29 Jan 2013
Introduction to AppScan Policies
IBM Security AppScan is a tool that provides automated security scanning of web applications. Each scan policy within IBM Security AppScan covers a particular aspect of application security. Using the right policy produces optimal scanning results and reduces false positives. In this article, get an overview of IBM Security AppScan policies, and learn which policy is optimal based on the type of application and its stage of development. The article also provides a side-by-side policy comparison that details each scan policy offered by the IBM Security AppScan tool.
Articles 13 Nov 2012
Craft a SaaS-oriented vulnerability mitigation policy
Many businesses and industries depend on web-based software to run business processes, conduct transactions, and deliver services to customers. When a deadline looms, organizations may get frantic and sacrifice secure features to bring the application into production. This is a fast (and reactive) solution that usually results in a defective application. A better, proactive solution is to put in place a SaaS-oriented web application vulnerability mitigation policy (and employ a SaaS-based vulnerability scanner) that anticipates application vulnerabilities and has several solutions ready to repair them. The author provides a roadmap to such a policy and illustrates it using a scanner tool in the form of IBM Rational AppScan products.
Also available in: Chinese, Russian, Japanese
Articles 12 Jan 2012
Automated vulnerability scanning of web applications with Rational AppScan
This article uses two examples to explain how to use Rational AppScan Standard Edition v8.5 for automated security vulnerability testing of web and web service applications. The authors also set the stage for examples to explore the regulatory compliance reporting capabilities.
Also available in: Chinese  
Articles 13 Dec 2011
Planning a security strategy: Three core questions to ask
Security teams are overwhelmed by the increasing need to safeguard their information assets. Simultaneously, CEOs are thinking of how to cost-effectively ensure security across their organizations that often span geographic borders. They all want a simple answer to a complex question: Where do I begin? That's what this article is about.
Also available in: Chinese  
Articles 29 Oct 2009
What's new in IBM Rational Software Analyzer Version 7.1
Learn about the new software integration, programming language support, and technology support in Version 7.1 of IBM Rational Software Analyzer. This extensible software helps you review software code, identify bugs, and enforce code quality policy early in the software development cycle, when problems are easier and less expensive to correct.
Also available in: Chinese, Spanish
Articles 14 Jul 2009
HTTPScout
This eXtension launches the (ultra-useful) Nmap port scanner and attempts to locate open ports on the scanned Web server that speak HTTP or HTTPS. Once the port scan is done, HTTPScout adds the HTTP-speaking ports to the current scan configuration. This eXtension is useful for discovering additional HTTP applications on the same server (e.g. web-based administration consoles) and adding them to the scan automatically.
Downloads 13 Jan 2009
Test Positive
This tool can be used to view any vulnerability outside IBM Security AppScan.
Downloads 13 Jan 2009
Event Logger
You can use this eXtension to decide which IBM Security AppScan events will be logged to a text file that you define.
Downloads 13 Jan 2009
AXE (XmlExport)
AXE (Automatic XML Export) automatically exports scan results as XML to a specified location when the scan is over. The export location can be either a local drive or a network shared drive. This eXtension can come in handy if you are using third-party software that consumes IBM Security AppScan results on a regular basis.
Downloads 13 Jan 2009
IBM Security AppScan Reporter for Microsoft PowerPoint (beta)
This eXtension creates executive summary presentations from scan results based on user templates.
Downloads 13 Jan 2009
Non-Vulnerable XMLExport
This eXtension exports the non-vulnerable scan results into XML to a specified location.
Downloads 13 Jan 2009
Best practices for SOA nonfunctional testing
In the course of developing a Service-Oriented Architecture (SOA) application, your organization will most likely have nonfunctional requirements (NFRs) that need significant implementation and testing. Shiv Asthana describes the best practices you should adhere to when testing nonfunctional requirements for applications built as part of an SOA environment.
Also available in: Chinese  
Articles 28 Aug 2008
Brazil: Web security with IBM Rational AppScan
Web application security scanning: comprehensive results and customizable features
Articles 20 Aug 2008
Create secure Java applications productively, Part 2
This is the second in a two-part tutorial series on creating secure Java-based Web applications using Rational Application Developer, Data Studio and Rational AppScan. In Part 1 you developed a Java Web application with Rational Application Developer, and then deployed the application on WebSphere Application Server with Java Server Pages (JSP). This tutorial shows you how to scan the Wealth application created in Part 1 using Rational AppScan to discover and fix all known Web security vulnerabilities. It also shows how to re-scan your application and generate reports.
Tutorial 04 May 2008
IBM Rational AppScan: Hacking Web applications by using cookie poisoning
This article explains why session management and session management security are complex tasks, which is why they are usually left for commercial products to handle. The article describes how the tokens are generated for two commercial application engines. The author then analyzes the strength of each mechanism, explains its weakness, and demonstrates how such weakness can be exploited to execute an impersonation and privacy breach attack. He also discusses the feasibility of the attack. Lastly, he recommends an approach to session management that separates the security from the functionality, with the latter carried out by application engines, but the former provided by a dedicated application security product.
Also available in: Chinese  
Articles 01 Apr 2008
IBM Rational AppScan: Cross-site scripting explained
Learn how hackers launch a cross-site scripting (XSS) attack, what damage it does (and doesn't), how to detect such attacks, and how to protect your Web site and your site visitors from these malicious invasions of privacy and security.
Also available in: Chinese  
Articles 25 Mar 2008