As you set up the integration between HCL AppScan Tester Edition and Engineering Test Management, you use a wizard to install sample data and configure communication between the
products.
Before you begin
In HCL AppScan Tester Edition, you must run the Configuration wizard.
When the wizard is completed, make sure that the Launch Default Settings
Wizard check box is selected.
About this task
Organizations use HCL AppScan Tester Edition to distribute the responsibility for security
testing among multiple stakeholders and to test for vulnerabilities, such as cross-site scripting,
buffer overflows, and SQL injection, early in the web application delivery lifecycle. When Engineering Test Management is integrated with HCL AppScan Tester Edition, you can run security tests
directly from Engineering Test Management.
Procedure
-
On the Welcome page, from the list, select Integrate with
Rational Quality Manager and then click Next.
Scan templates, test policies, and server groups are created for Engineering Test Management users.
-
In the Default Setting window, configure the options for HCL AppScan
Tester Edition.
-
Select the instance name that this setup is for;
for example, ASE.
By default, the instance that was configured in the Configuration wizard
is selected.
-
Enter the name or a point of contact for the items that the wizard created. If necessary, you
can edit the items later. By default, the contact name is the service account for the selected
instance.
-
Enter a name for the default root folder. The default folder is the root folder for all other
folders that you create.
-
Enter the URL to access HCL AppScan Tester Edition; then, click
Next.
The URL is in this format:
http://myserver/mydomain/appscan/.
By default, the application URL is the current computer's FQDN (fully qualified domain
name).
-
If you use an LDAP server with HCL Security AppScan Tester Edition, on the
LDAP Settings page, select the Enable LDAP check
box.
-
In the Server Name field, enter the LDAP group name.
-
In the Group Query field, enter the path of the group query that is used
to retrieve user group information. You can use an LDAP server or an Active Directory server.
- Optional:
If you want to integrate with the LDAP server by using anonymous access, select the
Anonymous access check box. By default, this option is disabled.
-
Click Test LDAP to confirm that the configuration works.
-
On the IP Security Permissions page, configure the IP addresses and ranges
that are permitted for scanning.
Use a dash to define IPv4 ranges; for example, 1.2.3.4–. Use a prefix to define IPv6
ranges; for example, fe80::/10.
-
On the Populate Database with Sample Data page, select the
Populate Sample Data check box.
The HCL AppScan Tester Edition database is populated with scan templates, server groups
that are based on the servers and IP addresses that are listed in your HCL AppScan Tester Edition
license, and test policies for running security tests. If necessary, you can edit this data later in
HCL AppScan Tester Edition.
- Optional:
Select the Install RQM Sample Data check box and then click
Next.
Engineering Test Management is populated with a sample test plan, test cases, and test
scripts. The sample data provides an example of how to create security test plans for your
environment.
-
In the Engineering Test Management settings window, configure several options.
-
Enter the server name where Engineering Test Management is located.
-
Enter the HTTP port for the server where Engineering Test Management is located. The default
port is 9080.
-
Enter the HTTPS port for the server where Engineering Test Management is located. The default
port is 9443.
-
Enter your user name for Engineering Test Management. This account is used for defect
tracking.
-
Enter the password for Engineering Test Management. The password is case-sensitive.
-
Enter the relevant project area. The default is Quality Manager.
-
Click Test Connection to verify that the communication between HCL Security AppScan and Engineering Test Management works, and then click
Next.
-
The HCL AppScan Enterprise Integration page configures the Quality
Management (QM) server to connect back to HCL AppScan Tester Edition. Several settings are already
configured, but you must configure a few.
-
Enter the SQL Server host name or IP address where HCL Security AppScan Tester Edition
is located.
-
To use Windows authentication to access the SQL Server
where HCL AppScan Enterprise is located, select Use Windows Authentication.
Windows authentication is available only if Engineering Test Management is installed on a Windows operating
system. The account under which the server runs must also have permission to access the HCL AppScan
Tester Edition database. For a list of the database roles, see the HCL Security AppScan
Enterprise documentation.
-
To use SQL authentication to access the SQL Server where HCL AppScan Tester Edition is located,
select Use SQL Authentication. Then, in the SQL DB
User and SQL DB Password fields, enter the user name and password
for the HCL AppScan Tester Edition database. For a list of the database roles, see the HCL AppScan
Enterprise documentation.
Note: By default, SQL Server 2005 is installed with Windows
authentication only. Before you continue, make sure that the SQL Server is configured to allow SQL
Server or mixed-mode authentication.
-
To verify that Engineering Test Management can connect with HCL Security AppScan Tester
Edition, click Test AppScan Connection and then click
Next.
The Default Settings Wizard Progress page opens, displaying the
setup progress.
By default, all users are given access to all server groups and test policies. You
can define more granular security permissions on the Users and Groups page of
the Administration tab in HCL Security AppScan Tester
Edition.
-
If errors occurred, click the link to view the log file. When you are finished, click
Exit to close the wizard.
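
The IP Security Permissions step takes dash-separated IPv4 ranges and IPv6 prefixes. As an added example (not part of the product or its documentation), this Python script checks a permitted-scan list before you enter it in the wizard and reports which planned scan targets fall outside it. It assumes an IPv4 range is written as two full addresses, start-end; the function names are hypothetical and the entries and targets are constructed sample values.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not from the product.
SAMPLE_ENTRIES = ["192.0.2.10-192.0.2.50", "198.51.100.7", "fe80::/10", "192.0.2.200-"]
SAMPLE_TARGETS = ["192.0.2.25", "192.0.2.60", "198.51.100.7", "fe80::1", "2001:db8::1"]


def parse_entry(entry):
    """Return inclusive (first, last) bounds for one entry, or raise ValueError."""
    # A hyphen pasted from rendered docs is often an en dash; normalise it.
    text = entry.strip().replace("\u2013", "-")
    if "/" in text:
        # Prefix form: the page describes it for IPv6 only, so IPv4 CIDR is rejected.
        net = ipaddress.IPv6Network(text, strict=False)
        return net.network_address, net.broadcast_address
    if "-" in text:
        # Assumed form: two full IPv4 addresses, start-end.
        first, last = (ipaddress.IPv4Address(p.strip()) for p in text.split("-", 1))
        if first > last:
            raise ValueError(f"range start is above range end: {entry!r}")
        return first, last
    addr = ipaddress.ip_address(text)
    return addr, addr


def audit_scope(entries, targets):
    """Return (in_scope, out_of_scope, rejected_entries)."""
    bounds, rejected = [], []
    for entry in entries:
        try:
            bounds.append(parse_entry(entry))
        except ValueError:
            rejected.append(entry)  # malformed or truncated: fix before entering it
    in_scope, out_of_scope = [], []
    for target in targets:
        addr = ipaddress.ip_address(target)
        # Compare only within the same IP version; mixed comparison raises TypeError.
        hit = any(lo.version == addr.version and lo <= addr <= hi for lo, hi in bounds)
        (in_scope if hit else out_of_scope).append(target)
    return in_scope, out_of_scope, rejected


if __name__ == "__main__":
    ok, outside, bad = audit_scope(SAMPLE_ENTRIES, SAMPLE_TARGETS)
    print("in scope:     ", ok)
    print("out of scope: ", outside)
    print("bad entries:  ", bad)
```

An entry that lands in the rejected list, such as a range with no end address, should be corrected before it goes into the wizard, so that the permitted scan scope is exactly what was intended.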