Configuring the integration between HCL AppScan Tester Edition and Engineering Test Management

As you set up the integration between HCL AppScan Tester Edition and Engineering Test Management, you use a wizard to install sample data and configure communication between the products.

Before you begin

In HCL AppScan Tester Edition, you must run the Configuration wizard. When the wizard is completed, make sure that the Launch Default Settings Wizard check box is selected.

About this task

Organizations use HCL AppScan Tester Edition to distribute the responsibility for security testing among multiple stakeholders and to test for vulnerabilities, such as cross-site scripting, buffer overflows, and SQL injection, early in the web application delivery lifecycle. When Engineering Test Management is integrated with HCL AppScan Tester Edition, you can run security tests directly from Engineering Test Management.

Procedure

  1. On the Welcome page, from the list, select Integrate with Rational Quality Manager and then click Next.
    Scan templates, test policies, and server groups are created for Engineering Test Management users.
  2. In the Default Setting window, configure the options for HCL AppScan Tester Edition.
    1. Select the instance name that this setup is for; for example, ASE.
      By default, the instance that was configured in the Configuration wizard is selected.
    2. Enter the name or a point of contact for the items that the wizard created. If necessary, you can edit the items later. By default, the contact name is the service account for the selected instance.
    3. Enter a name for the default root folder. The default folder is the root folder for all other folders that you create.
    4. Enter the URL to access HCL AppScan Tester Edition; then, click Next.
      The URL is in this format: http://myserver/mydomain/appscan/.
      By default, the application URL is the current computer's FQDN (fully qualified domain name).
  3. If you use an LDAP server with HCL Security AppScan Tester Edition, on the LDAP Settings page, select the Enable LDAP check box.
    1. In the Server Name field, enter the LDAP group name.
    2. In the Group Query field, enter the path of the group query that is used to retrieve user group information. You can use an LDAP server or an Active Directory server.
    3. Optional: If you want to integrate with the LDAP server by using anonymous access, select the Anonymous access check box. By default, this option is disabled.
    4. Click Test LDAP to confirm that the configuration works.
  4. On the IP Security Permissions page, configure the IP addresses and ranges that are permitted for scanning.
    Use a dash to define IPv4 ranges; for example, 1.2.3.4–. Use a prefix to define IPv6 ranges; for example, fe80::/10.
  5. On the Populate Database with Sample Data page, select the Populate Sample Data check box.
    The HCL AppScan Tester Edition database is populated with scan templates, server groups that are based on the servers and IP addresses that are listed in your HCL AppScan Tester Edition license, and test policies for running security tests. If necessary, you can edit this data later in HCL AppScan Tester Edition.
  6. Optional: Select the Install RQM Sample Data check box and then click Next.
    Engineering Test Management is populated with a sample test plan, test cases, and test scripts. The sample data provides an example of how to create security test plans for your environment.
  7. In the Engineering Test Management settings window, configure several options.
    1. Enter the server name where Engineering Test Management is located.
    2. Enter the HTTP port for the server where Engineering Test Management is located. The default port is 9080.
    3. Enter the HTTPS port for the server where Engineering Test Management is located. The default port is 9443.
    4. Enter your user name for Engineering Test Management. This account is used for defect tracking.
    5. Enter the password for Engineering Test Management. The password is case-sensitive.
    6. Enter the relevant project area. The default is Quality Manager.
    7. Click Test Connection to verify that the communication between HCL Security AppScan and Engineering Test Management works, and then click Next.
  8. The HCL AppScan Enterprise Integration page configures the Quality Management (QM) server to connect back to HCL AppScan Tester Edition. Several settings are already configured, but you must configure a few.
    1. Enter the SQL Server host name or IP address where HCL Security AppScan Tester Edition is located.
    2. To use Windows authentication to access the SQL Server where HCL AppScan Enterprise is located, select Use Windows Authentication. Windows authentication is available only if Engineering Test Management is installed on a Windows operating system. The account under which the server runs must also have permission to access the HCL AppScan Tester Edition database. For a list of the database roles, see the HCL Security AppScan Enterprise documentation.
    3. To use SQL authentication to access the SQL Server where HCL AppScan Tester Edition is located, select Use SQL Authentication. Then, in the SQL DB User and SQL DB Password fields, enter the user name and password for the HCL AppScan Tester Edition database. For a list of the database roles, see the HCL AppScan Enterprise documentation.
      Note: By default, SQL Server 2005 is installed with Windows authentication only. Before you continue, make sure that the SQL Server is configured to allow SQL Server or mixed-mode authentication.
  9. To verify that Engineering Test Management can connect with HCL Security AppScan Tester Edition, click Test AppScan Connection and then click Next.
    The Default Settings Wizard Progress page opens, displaying the setup progress.

    By default, all users are given access to all server groups and test policies. You can define more granular security permissions on the Users and Groups page of the Administration tab in HCL Security AppScan Tester Edition.

  10. If errors occurred, click the link to view the log file. When you are finished, click Exit to close the wizard.
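The following added example (not code from the product or its documentation) checks entries in the two notations that step 4 describes for the IP Security Permissions page, dash-separated IPv4 ranges and IPv6 prefixes, and tests whether a scan target falls inside the permitted set. It assumes that a bare IPv4 address denotes a single host and that malformed entries should be rejected rather than widened; the sample entries are constructed.

```python
import ipaddress

# Constructed sample of entries as typed on the IP Security Permissions page:
# a dash-separated IPv4 range and an IPv6 prefix.
SAMPLE_PERMISSIONS = ["192.0.2.10-192.0.2.20", "fe80::/10"]


def parse_permission(entry: str):
    """Turn one permissions entry into a (first, last) pair of addresses.

    Accepted forms (the two the wizard documents):
      IPv4 range  "a.b.c.d-w.x.y.z"   (assumption: bare "a.b.c.d" = single host)
      IPv6 prefix "xxxx::/nn"
    Anything else raises ValueError so the allow-list is never silently widened.
    """
    entry = entry.strip()
    if "/" in entry:
        net = ipaddress.ip_network(entry, strict=False)
        if net.version != 6:
            raise ValueError(f"prefix notation is for IPv6 only: {entry}")
        return net[0], net[-1]
    parts = [p.strip() for p in entry.split("-")]
    if len(parts) > 2 or any(not p for p in parts):
        raise ValueError(f"malformed IPv4 range: {entry}")
    first = ipaddress.ip_address(parts[0])
    last = ipaddress.ip_address(parts[-1])
    if first.version != 4 or last.version != 4:
        raise ValueError(f"dash ranges are for IPv4 only: {entry}")
    if last < first:
        raise ValueError(f"range end precedes start: {entry}")
    return first, last


def check_entries(entries):
    """Return (entry, reason) pairs for entries the parser would reject."""
    problems = []
    for entry in entries:
        try:
            parse_permission(entry)
        except ValueError as exc:
            problems.append((entry, str(exc)))
    return problems


def load_permissions(entries):
    """Parse every entry; raises on the first invalid one."""
    return [parse_permission(entry) for entry in entries]


def is_permitted(target: str, ranges) -> bool:
    """True if target lies inside at least one permitted range (same IP version)."""
    addr = ipaddress.ip_address(target)
    return any(addr.version == lo.version and lo <= addr <= hi for lo, hi in ranges)
```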