1. Use of AppScan Tools

Source: Internet
Author: User

AppScan focuses only on the security of the application layer.

I. AppScan scans
1. White-box scan = static scan: it scans the source code.
2. Dynamic scan = black-box scan: the tool simulates hacker attacks and observes how the application layer responds. The product contains a large built-in library of attack tests; the tool sends these mock attacks to our application and analyzes the responses.

II. AppScan web application scanning process

III. Advantages of the automatic network exploration capability


IV. Setting up the Configuration Wizard
Test URL: http://demo.testfire.net/bank/login.aspx
File -> New -> Predefined Templates (select "General Scan" as an example) -> Web Application Scan -> enter the URL to be tested


Click "Record"

Username: jsmith
Password: demo1234



Then close the "Altoro Mutual: Online Banking Login - AppScan Browser" window. On the Scan Configuration Wizard page, the "Log in application using the following login sequence" box will show the URL information recorded after the successful login. Then click "Next".


Then click Next

Click Finish

Select "Yes" to save automatically

Save Scan Results


V. Web Services scan

Interface test URL: http://demo.testfire.net/transfer/transfer.asmx?wsdl

Select the Generic Service Client in the Scan Configuration Wizard

Set the Start URL

Default Test Policy Web Service

Complete


Display the Generic Services window


Enter User ID selection call


Input of Transfer interface data

Method invocation



After the exploration is complete, close the Generic Service Client window, and AppScan will analyze the results of the exploration and scan.
Then select "Test Only" in the scan options.

Show scan Results
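
Because the test phase works from what was explored in the Generic Service Client, it helps to compare the operations the WSDL declares with the ones actually invoked. The following is an added example (not from the original page and not part of AppScan); the inline WSDL, its operation and parameter names, and the helpers `list_operations` and `unexplored` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

W = "{http://schemas.xmlsoap.org/wsdl/}"   # WSDL 1.1 namespace
S = "{http://www.w3.org/2001/XMLSchema}"   # XML Schema namespace

# Constructed sample, NOT the real service description; all names are hypothetical.
SAMPLE_WSDL = """<definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:s="http://www.w3.org/2001/XMLSchema" xmlns:tns="http://example.test/bank"
    targetNamespace="http://example.test/bank">
  <types><s:schema targetNamespace="http://example.test/bank">
    <s:element name="TransferFunds"><s:complexType><s:sequence>
      <s:element name="fromAccount" type="s:string"/>
      <s:element name="toAccount" type="s:string"/>
      <s:element name="amount" type="s:double"/>
    </s:sequence></s:complexType></s:element>
    <s:element name="ListAccounts"><s:complexType><s:sequence>
      <s:element name="userId" type="s:string"/>
    </s:sequence></s:complexType></s:element>
  </s:schema></types>
  <message name="TransferFundsIn"><part name="parameters" element="tns:TransferFunds"/></message>
  <message name="ListAccountsIn"><part name="parameters" element="tns:ListAccounts"/></message>
  <portType name="BankSoap">
    <operation name="TransferFunds"><input message="tns:TransferFundsIn"/></operation>
    <operation name="ListAccounts"><input message="tns:ListAccountsIn"/></operation>
  </portType>
</definitions>"""

def list_operations(wsdl_text):
    """Map each operation name to its input parameters as (name, type) pairs."""
    # Use the defusedxml package instead when the WSDL comes from an untrusted source.
    root = ET.fromstring(wsdl_text)
    params = {}  # top-level schema element -> its child parameters
    for el in root.iterfind(f"{W}types/{S}schema/{S}element"):
        params[el.get("name")] = [(p.get("name"), p.get("type"))
                                  for p in el.iter(f"{S}element") if p is not el]
    wrapper = {m.get("name"): m.find(f"{W}part").get("element", "").split(":")[-1]
               for m in root.iterfind(f"{W}message") if m.find(f"{W}part") is not None}
    ops = {}
    for op in root.iterfind(f"{W}portType/{W}operation"):
        inp = op.find(f"{W}input")
        msg = inp.get("message").split(":")[-1] if inp is not None else None
        ops[op.get("name")] = params.get(wrapper.get(msg), [])
    return ops

def unexplored(ops, invoked):
    """Operations never invoked during exploration, so absent from the test phase."""
    return sorted(set(ops) - set(invoked))

if __name__ == "__main__":
    print(unexplored(list_operations(SAMPLE_WSDL), ["TransferFunds"]))
```

Any operation reported by `unexplored` should be invoked once in the Generic Service Client before the test phase is started.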



VI. Glass box scanning: architecture





Open the web app scan file, then in the Tools menu select Glass Box Agent Management -> Glass Box Agent


can help users discover hidden parameters, page


VII. Record Agent

