Transferred from: http://www.nxadmin.com/tools/675.html
This article describes AppScan's feature option settings in detail and is intended as reference reading for beginners who are new to AppScan.
AppScan is one of the most widely used tools in the web application penetration testing stage. It is a desktop application that helps professional security personnel perform automated vulnerability assessments of web applications. This article focuses on configuring and using AppScan; analysis of the scan results is discussed in the next article.
Main features of AppScan:
The AppScan 8.5 Standard Edition has many new features, most of which are covered in the summary below:
Flash Support: AppScan has had Flash support since version 8.0; it can explore and test applications built on the Adobe Flex framework and also supports the AMF protocol.
Glass Box Testing: Glass box testing is a new feature introduced in AppScan. In this process an agent is installed on the server, which helps discover hidden URLs and other problems.
Web Service scanning: Web service scanning is a scanning feature with effective automation support in AppScan.
JavaScript Security Analysis: AppScan introduces JavaScript security analysis, which analyzes the crawled HTML pages for vulnerabilities and lets users focus on various client-side issues and DOM (Document Object Model)-based XSS issues.
Report: Depending on your requirements, you can generate reports in the format you want.
Fix support: For an identified vulnerability, the program provides a description of the vulnerability and a remediation recommendation.
Customizable scan policies: AppScan comes with a set of predefined scan policies, which you can customize to suit your needs.
Tool support: It includes tools such as the authentication tester, token analyzer and HTTP request editor, which facilitate manual testing of vulnerabilities.
Support for the Ajax and Dojo frameworks.
Now, let's continue with installing IBM Rational AppScan and the process of scanning a web application with it.
Installation of AppScan:
The system running AppScan needs at least 2GB of RAM, and the .NET Framework and Adobe Flash must be installed so that Flash content can be executed during the scan. Before going any further, it is important to note that this kind of automated scanner sends data to the server, which may overload the server during the scan; it may delete data on the server, add new records and even crash the server. Therefore, it is best to back up all data before scanning.
Close all open applications before installing AppScan. Run the installer and the Installation Wizard appears; if the .NET Framework is not installed, the AppScan installer installs it automatically and requires a reboot. Following the wizard's instructions, you can easily complete the installation. With the default license you are only allowed to scan AppScan's test site; to scan your own website, you need to purchase a licensed version.
Exploration and testing phase:
Before we start scanning, let's take a look at how AppScan works. Any automated scanner has two goals: identify all available links, and attack them to find application vulnerabilities.
Explore:
During the explore phase, AppScan attempts to traverse all available links in the site and build a hierarchy. It sends requests and, depending on the responses, determines where a vulnerability may exist. For example, if it sees a login page, it notes that authentication bypass by injection should be tested. No attacks are performed during the explore phase; it only determines the direction of the test. By sending multiple requests, this phase determines the structure of the site and the scope of vulnerabilities that will be tested.
Test:
During the test phase, AppScan tests for the vulnerabilities in the application by attacking them. It sends the payloads of the actual attacks to confirm the security vulnerabilities identified during the explore phase, and ranks them according to the severity of the risk.
New links in the site may be discovered during the test phase, so after the explore and test phases are complete AppScan starts another round, and keeps repeating the process until no new links are left to test. The number of rounds can also be configured in the user's settings.
Start AppScan Scan:
AppScan's trial version can be downloaded and installed from the following link:
http://www.ibm.com/developerworks/downloads/r/appscan/
To start scanning, launch AppScan; you will see the Welcome screen shown in Figure 1.
Figure 1
Click "Create new Scan" to start scanning a new web application.
Figure 2
Choose a scan template that suits your needs; a template includes a predefined scan configuration. After you select a template, the Configuration Wizard appears. It asks which type of scan you want; select "Web Application Scan" and click Next.
The Scan Configuration Wizard is a core part of the tool; through it you tell AppScan the many requirements of the scan.
URL and Servers (URL and server)
Starting URL: This specifies the starting URL for the scan; in most cases it is the landing page of the site. Here we use the demo site http://demo.testfire.net to test for web application vulnerabilities. If you want to limit the scan to links under this directory only, select the check box.
Case Sensitive Path: Select this if the URLs on your server are case-sensitive. Case sensitivity depends on the server's operating system: Linux/Unix is case-sensitive, Windows is not.
Additional Servers and Domains: AppScan attempts to crawl all links on the site during the scan. When it finds a link pointing to a different domain, that link is not scanned or attacked unless the domain is specified under "Additional Servers and Domains". So, by listing a domain here, you tell AppScan to continue scanning links even when they are under a domain different from the starting URL. Click Next to continue.
Login Management (Login management)
During the scan, AppScan may unintentionally hit a logout button and be logged out of the application. Therefore, to keep the scanner logged in to the application, we need to configure the settings described here.
Recorded: After selecting this option, a new browser opens and tries to connect to the site specified as the starting URL of this scan. Enter your account and password to log in to the application. You can close the browser after this, but do not click the logout button. Sometimes the browser that opens is not IE or Mozilla but the AppScan browser. You can change this under Tools -> Options -> Advanced by setting the value of Openiebrower: 0 for the AppScan browser, 1 for IE, 2 for Firefox, 3 for Chrome. If the site behaves differently in different browsers, this setting is very useful.
Figure 4
Prompt: After each logout, AppScan prompts you to log in to the application. If you intend to watch the scan of your system throughout, you can choose this option.
Automatic: Here you specify the user name and password directly, and AppScan uses them whenever it needs to log in to the application.
Figure 5
Click Next to continue.
Test Policy
Depending on your test strategy, choose the policy that best suits your needs; the existing policies are Default, Application-Only, Infrastructure-Only, Invasive, Complete, The Vital Few, and so on. Most users use one of these existing policies. If you do not want tests sent to the login and logout pages, you can select that option.
Figure 6
Click Next to continue.
Complete
This is the last step before starting the scan. IBM Rational AppScan lets you choose the scanning method you want: a full scan, an explore-only scan, and so on.
Start a full automatic scan: Using the configuration created earlier, AppScan begins the explore and test phases.
Start with automatic explore only: AppScan only explores the application and does not send any attacks.
Start with manual explore: A browser opens and you can browse the application manually.
If you want to make further changes to the scan configuration, choose the last option, "I will start scan later".
Before we start, there is something important to do: the heart and soul of AppScan, the Full Scan Configuration window. Let's see why it is so important when scanning any application.
Figure 7:
Full Scan Configuration
In this window there are four main parts: Explore, Connection, Test and General. Let's look at the details:
Explore
URL and Servers: The URLs to be scanned and the handling of links to additional servers.
Login Management: Besides the login method, you can specify here whether AppScan should log in concurrently, which reduces the total scan time. You can also specify a regular expression to detect the logout page.
Figure 8:
Environment Definition: In this setting you can specify the operating system, web server, database server and other third-party components, which helps improve the accuracy and performance of the scan.
Figure 9:
Exclude Paths and Files: Sets specific paths, or even specific files such as .mp3 or .7z files, to be excluded during the scan. You can define them with regular expressions under this option.
Explore Options: The redundant path option lets you limit the number of times AppScan scans the same path, because AppScan can otherwise enter an endless loop scanning the same URL again and again.
Parameters and Cookies: Contains detailed information about the parameters and cookies that exist in the application.
Automatic Form Fill: During the scan, AppScan encounters forms that require input; for example, a registration page may require values such as user name and address. By selecting this option, you have AppScan fill in this information automatically.
Error Pages: The error pages you enter in this configuration help AppScan recognize error responses.
Multi-Step Operations: Some application functions can only be reached if the requests are made in a certain order (an e-commerce site, for example). With this setting you can click "Start recording" to record that sequence.
Glass Box Scanning: Glass box scanning is a new feature introduced by AppScan; an agent is installed on the server, which helps the scan find hidden URLs and other problems.
Communication and Proxy: You can specify whether the scanner uses the Internet Explorer proxy settings, or no proxy at all.
HTTP Authentication: Configures HTTP authentication; for client certificates you upload the certificate file and key file here.
Test Policy: All test names are listed in this section; if you do not want AppScan to scan for a specific vulnerability, you can deselect it.
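As an added illustration (not AppScan's own code), here is a hypothetical model of how the scope rules collected by the settings above could be applied to discovered links: the additional domains, the case-sensitive path option, the exclude-path regular expressions, the redundant path limit, and the logout-page regular expression from Login Management. Class and parameter names are assumptions for the example.

```python
import re
from collections import Counter
from urllib.parse import urlsplit


class ScanScope:
    """Hypothetical scope model (example only, not AppScan's implementation)."""

    def __init__(self, start_url, extra_domains=(), case_sensitive=True,
                 exclude_paths=(), redundant_limit=3,
                 logout_pattern=r"(?i)logged\s*out|session (has )?expired"):
        # Starting URL plus "Additional Servers and Domains"
        self.start_host = urlsplit(start_url).hostname.lower()
        self.domains = {self.start_host, *(d.lower() for d in extra_domains)}
        self.case_sensitive = case_sensitive            # "Case Sensitive Path"
        self.exclude = [re.compile(p) for p in exclude_paths]  # "Exclude Paths and Files"
        self.redundant_limit = redundant_limit          # "Explore Options" redundant path
        self.logout_re = re.compile(logout_pattern)     # "Login Management" logout regex
        self.seen = Counter()

    def _key(self, url):
        # Identify a path independent of its query string; fold case when the
        # server (e.g. Windows) treats paths case-insensitively.
        parts = urlsplit(url)
        path = parts.path or "/"
        if not self.case_sensitive:
            path = path.lower()
        return (parts.hostname or "").lower(), path

    def should_crawl(self, url):
        """True if a discovered link is in scope and not yet redundant."""
        host, path = self._key(url)
        if host not in self.domains:
            return False   # other domain: ignored unless listed as additional
        if any(rx.search(path) for rx in self.exclude):
            return False   # excluded path or file type
        self.seen[(host, path)] += 1
        # Same path with varying parameters counts as redundant beyond the limit
        return self.seen[(host, path)] <= self.redundant_limit

    def session_lost(self, response_body):
        """Detect the logout page so the scanner knows it must log in again."""
        return bool(self.logout_re.search(response_body))
```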
Figure 10:
Test Options: This section lets you select the appropriate test options. Sending a large number of tests takes a lot of time; with the adaptive test option selected, AppScan first determines which tests are applicable and sends only those. For example, if it detects that the server is IIS, it sends only the IIS vulnerability tests and does not check for issues related to other servers.
Privilege Escalation: You can load a scan file from a scan run as a user with different privileges, or as an unauthenticated user, to check for privilege escalation.
Scan Expert: The scan expert makes recommendations for scanning the application more effectively.
Click OK to return to the original Scan Configuration Wizard window. Select "Start a full automatic scan" and click Finish. This completes the configuration and starts the AppScan scan. In the next article, we will look at analyzing AppScan scan results.
Original link: http://resources.infosecinstitute.com/ibm-rational-appscan/
The translator's English level and experience are limited, so the translation is not very accurate; your comments are welcome.
IBM Rational AppScan: detailed usage guide