AppScan™ Audit Edition FAQs—Technical Overview

  1. What are the minimum system requirements to install AppScan 4.5?
  2. Where does AppScan install in my IT environment?
  3. What operating systems does AppScan support?
  4. Can AppScan function if I configure HTTP on a different port than 80?
  5. Which protocols does AppScan support?
  6. How does AppScan explore my application?
  7. How does AppScan test my application?
  8. What is Login/Logout Test Control?
  9. What is Login Before Manual Testing?
  10. Does AppScan support search engines?
  11. Can AppScan automatically crawl my site if it requires HTTP authentication?
  12. Can AppScan automatically crawl my site if my site utilizes client side certificates for authentication?
  13. Can AppScan automatically crawl my site if my site utilizes NTLM?
  14. Can I schedule scans?
  15. What is the Business Record and Play and how does it work?
  16. How does AppScan 4.0 handle JavaScript?
  17. What is SQL injection and does AppScan test for it?
  18. What is Cross-Site Scripting and does AppScan test for it?
  19. What is the offline session mode?
  20. What source code does AppScan understand?
 
What are the minimum system requirements to install AppScan 4.5?
 

Minimum System & Software Requirements:

  • Computer: Pentium III PC, 500 MHz (800 MHz recommended)
  • Operating System: Windows 2000 with SP2 or higher, Windows XP, Windows 2003 Enterprise edition.
  • RAM: 512 Mbytes (1GB recommended for scanning large sites)
  • Network: 1 NIC 10/100 Mbps for network communication with configured TCP/IP (100 Mbps recommended)
  • Disk Space: 1 GB
  • Software: Internet Explorer 5.5 or 6.x (You can install AppScan without IE, but you must install IE before running AppScan on your machine.)

 
Where does AppScan install in my IT environment?

AppScan is a standalone Windows 2000 or Windows XP application. As a result, it can be installed on any network compatible Windows 2000 Professional or Windows XP machine and run against a site from within or outside of a network firewall.

 
Which operating systems does AppScan support?

AppScan runs on Microsoft Windows 2000, Windows XP and Windows 2003 Enterprise edition.

 
Can AppScan function if I configure HTTP on a different port than 80?

Yes, AppScan can be configured to scan on any port (including multiple ports).

 
Which protocols does AppScan 4.0 support?

AppScan supports HTTP 1.0, HTTP 1.1 and HTML 3.2.

 
How does AppScan explore my application?

The purpose of the explore stage is to learn the behavior and structure of the application so that the tests AppScan creates and customizes are extremely effective at identifying all potential vulnerabilities. When in automatic mode, AppScan behaves like a user and rapidly visits every page of your site, except for those filtered by configuration settings. For each page it visits, it analyzes the application's handling of the HTTP requests and responses. In the process, it detects potential vulnerabilities in the forms, HTML code, links embedded in JavaScript, and CGIs. Once the explore stage is complete, AppScan has created an extensive battery of custom tests it will run against the site to determine the location and severity of actual vulnerabilities.

 
How does AppScan test my application?

AppScan's tests are designed to find security defects in the application code itself and in the underlying technologies that support it. Each test is created and customized automatically by AppScan before it is sent to the application. When the application responds to a test, AppScan's Expert Security System quickly and precisely analyzes the response to determine if it indicates a vulnerability or not. In addition, every response is categorized and rated automatically based on the likelihood that it is a vulnerability and the level of risk associated with the vulnerability.

 
What is Login/Logout Test Control?

Most web-based applications require some form of end-user identification. User logon pages are a necessary part of providing many web-based services and can also supply a degree of security to a web application. However, testing these pages with an automated tool can cause problems for the web application's session management. Authentication systems are often the source of the problem, because account lockout (or deactivation) usually occurs after multiple unsuccessful logon attempts. Further, testing these pages while "out of session" can change the entire landscape of the application test environment and present testing obstacles that may also lead to false positive or false negative test results. To circumvent these difficulties, AppScan AE provides Login/Logout Test Control to exclude or include logon/logout pages during an AppScan session. The login pages are clearly indicated in the AppScan Explore Results with a designating icon. By bypassing login/logout pages, AppScan eliminates many of the false negatives/positives that these pages can produce during the automatic scan. These pages can be tested manually at a later time, and the test results are incorporated into the overall test results to assure testing accuracy.

 
What is Login Before Manual Testing?

Testing web applications that require a session logon can often be a tedious and time-consuming effort. AppScan AE provides the Login Before Manual Testing option, which lets testers store logon information so it can be automatically submitted to a web application when performing a manual test. This timesaving feature improves testing efficiency by providing a degree of automation when working in environments that require manual testing.

 
Does AppScan support search engines?

Yes. Search engines require the input of parameter values from end users like any other application. AppScan can assess the security of search engine web applications.

 
Can AppScan automatically crawl my site if it requires HTTP authentication?

Yes. AppScan can crawl a site requiring HTTP authentication. Completion of the automatic form filler during the configuration of the explore stage will ensure that AppScan will automatically fill in the user name and password required during the HTTP authentication process.

 
Can AppScan automatically crawl my site if my site utilizes client side certificates for authentication?

Yes. AppScan supports web sites requiring client side certificates to authenticate users; the AppScan user needs only to load the required certificate in order to scan the site.

 
Can AppScan automatically crawl my site if my site utilizes NTLM?

Yes. AppScan supports web sites running NTLM. The user only needs to enable this option from within AppScan's General Settings menu.

 
Can I schedule scans?

Yes. Scan Scheduling is a powerful feature that enables users to trigger scans to run at the optimal times of the day or week. With AppScan it is possible to schedule one or more scans to run from the Scheduler feature in the user interface. Scans can also be scheduled to run remotely from the command line of the computer on which AppScan is installed.

 
What is the Business Record and Play and how does it work?

Applications are typically designed to facilitate one or more key business processes. AppScan provides users with the opportunity to record and play back a specific business process, or a collection of business processes, for one-time testing or for regression testing as part of a test plan. These business processes are stored as XML, which enables easy modification, retesting, etc.

 
How does AppScan handle JavaScript?

Nearly every site today uses JavaScript to enhance client-side functionality. Until now, there hasn't been a testing tool that could explore JavaScript, identify potentially dangerous content, and test the links embedded in it. This problem was solved with the current version of AppScan.

AppScan can parse JavaScript and test any and all of the areas of the application that are accessible through it. This means users no longer have to remember to test JavaScript links manually but can rely on AppScan to do this automatically. Results no longer contain client-side logic "blind spots".
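The two passages above (the explore stage, and link discovery inside JavaScript) both come down to one operation: pulling every navigable target out of a page's HTML output, including targets that only exist in script. The following is an added example, not Sanctum's code and not a description of how AppScan itself is implemented; it uses Python's standard-library HTML parser, treats quoted string literals that look like a URL or site-absolute path inside `<script>` blocks, `javascript:` hrefs and inline event handlers as candidate links, and runs against a constructed sample page. The base URL and the sample page are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin

# Quoted string literals inside JavaScript that look like a URL or a
# site-absolute path, e.g. '/account/profile' or "https://host/login".
JS_URL_RE = re.compile(r"""["']((?:https?://|/)[^"'\s]+)["']""")

# Inline event-handler attributes whose values are JavaScript.
JS_ATTRS = ("onclick", "onsubmit", "onchange", "onload", "onmouseover")


class LinkExtractor(HTMLParser):
    """Collect links and forms from one HTML page, including links that
    appear only inside JavaScript (script blocks, javascript: hrefs,
    inline event handlers), so the crawl has no client-side blind spots."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.links = set()
        self.forms = []            # (METHOD, absolute action URL)
        self._in_script = False
        self._script_chunks = []

    def _add(self, target):
        self.links.add(urljoin(self.base_url, target))

    def _scan_js(self, js):
        for match in JS_URL_RE.finditer(js):
            self._add(match.group(1))

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            href = attrs["href"].strip()
            if href.lower().startswith("javascript:"):
                # The href is code, not a URL: look for targets inside it.
                self._scan_js(href[len("javascript:"):])
            else:
                self._add(href)
        elif tag == "form":
            method = (attrs.get("method") or "get").upper()
            action = attrs.get("action") or self.base_url
            self.forms.append((method, urljoin(self.base_url, action)))
        elif tag == "script":
            self._in_script = True
        for name in JS_ATTRS:
            if attrs.get(name):
                self._scan_js(attrs[name])

    def handle_data(self, data):
        if self._in_script:
            self._script_chunks.append(data)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
            self._scan_js("".join(self._script_chunks))
            self._script_chunks = []


def extract_links(page_html, base_url):
    """Return (sorted absolute link URLs, list of (METHOD, action) forms)."""
    parser = LinkExtractor(base_url)
    parser.feed(page_html)
    parser.close()
    return sorted(parser.links), parser.forms


# Constructed sample page (an assumption, not taken from the original document).
SAMPLE_PAGE = """
<html><body>
<a href="/about.html">About</a>
<a href="javascript:openPage('/reports/list')">Reports</a>
<form method="post" action="/search"><input name="q"></form>
<script>
  var next = '/account/profile';
  function go() { location.href = 'https://other.example.com/login'; }
</script>
<input type="button" onclick="location='/help'" value="Help">
</body></html>
"""

if __name__ == "__main__":
    links, forms = extract_links(SAMPLE_PAGE, "http://app.example.com/index.html")
    for url in links:
        print("link:", url)
    for method, action in forms:
        print("form:", method, action)
```

Of the five links the sample yields, three (`/reports/list`, `/account/profile`, `/help`) and the off-site login URL are invisible to a crawler that only follows `<a href>` anchors; the string-literal heuristic is deliberately simple and will miss URLs assembled at runtime, which is the remaining blind spot a real explore stage has to address by executing the script.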

 
What is SQL injection and does AppScan test for it?

Web applications commonly use SQL to add, edit, or retrieve data from a database. If an application is not sufficiently protected from this form of attack, a hacker can inject SQL commands into a form field and have the backend database execute them. The destructive potential for this attack is enormous. SQL injection can enable a hacker to:

  1. Obtain any or all of the information stored in the database
  2. Erase records
  3. Bring down the database

AppScan runs a series of tests during a scan to determine if the application is vulnerable to SQL injection. It does this safely to ensure that the integrity of the database and its contents are not compromised.
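The defect the passage describes, and its fix, side by side. This is an added example using Python's built-in `sqlite3` module against a constructed in-memory table; it is not Sanctum's code and says nothing about AppScan's own test logic. It shows why splicing a form-field value into the SQL text lets the database execute whatever the user typed, why the parameterized form does not, and why a single apostrophe in ordinary input (a surname like O'Brien) is enough to expose the difference: that error response is the kind of signal a scanner looks for, and the parameterized query is the repair.

```python
import sqlite3


def make_db():
    """Constructed in-memory sample database (an assumption, not from the page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    """Vulnerable form: the form-field value becomes part of the SQL text, so the
    database parses whatever the user typed as part of the statement."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, name):
    """Hardened form: a parameterized query binds the value as data; the SQL
    grammar is fixed before any user input is seen."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def tolerates_quote(lookup, conn):
    """True if a legitimate apostrophe in input is handled without a database
    error. The vulnerable form fails here, and that failure is the same defect
    an injected SQL fragment exploits."""
    try:
        lookup(conn, "O'Brien")
        return True
    except sqlite3.Error:
        return False


# Constructed test input: in the vulnerable form it rewrites the WHERE clause
# into a condition that is always true, so every row comes back.
TAUTOLOGY = "' OR '1'='1"


def compare():
    """Run both forms against the same inputs and report what each returned."""
    conn = make_db()
    return {
        "vulnerable_rows_for_tautology": len(lookup_vulnerable(conn, TAUTOLOGY)),
        "hardened_rows_for_tautology": len(lookup_hardened(conn, TAUTOLOGY)),
        "vulnerable_handles_apostrophe": tolerates_quote(lookup_vulnerable, conn),
        "hardened_handles_apostrophe": tolerates_quote(lookup_hardened, conn),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

With the two-row sample table, the vulnerable lookup returns both rows for the tautology input and raises a syntax error for `O'Brien`; the hardened lookup returns no rows for the tautology (no user is literally named that) and handles the apostrophe normally. Note that `sqlite3` refuses to run more than one statement per `execute` call, so the "erase records" and "bring down the database" outcomes the passage lists are not reproduced here; other database drivers do not all share that restriction, which is why parameterization, not driver behavior, is the control to rely on.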

 
What is Cross-Site Scripting and does AppScan test for it?

Many web applications contain forms and other interactive components that allow the end user to pass information to the application. Instead of passing benign information into the application through the form, hackers will pass scripts (typically written in JavaScript or VBScript) to the application. The scripts usually contain code for forms or other means of collecting information from a web page. As a result of this process, hackers can insert their own scripts into web applications that enable them to do things like:

  1. Steal user names and passwords
  2. Collect customer information

AppScan runs a complete series of tests against every application to determine if it is susceptible to this popular type of attack.
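A search-results page is the textbook case for the passage above (and for the earlier question about search engines): the application echoes the user's query back into the page, and anything in the query that the browser reads as markup becomes part of the document. The following is an added example, not Sanctum's code and not a description of AppScan's tests; it renders a constructed results page two ways, once reflecting the query and the stored results verbatim and once escaping them with `html.escape`, and then uses the standard-library HTML parser to list any tags in the output that the template itself never emits. The template and the sample inputs are assumptions.

```python
import html
from html.parser import HTMLParser

# The only tags the results template legitimately produces.
TEMPLATE_TAGS = {"form", "input", "p", "ul", "li"}


def render_vulnerable(query, results):
    """Reflects the query and the stored results into the page unchanged, in
    both an attribute context and a text context."""
    items = "".join(f"<li>{r}</li>" for r in results)
    return (f'<form><input name="q" value="{query}"></form>'
            f"<p>Results for: {query}</p><ul>{items}</ul>")


def render_hardened(query, results):
    """Escapes for both contexts: quote=True also neutralises the " and '
    characters that would otherwise terminate the value attribute. Data read
    back from the database is escaped too, since it may be attacker-supplied."""
    q = html.escape(query, quote=True)
    items = "".join(f"<li>{html.escape(r)}</li>" for r in results)
    return (f'<form><input name="q" value="{q}"></form>'
            f"<p>Results for: {q}</p><ul>{items}</ul>")


class TagCollector(HTMLParser):
    """Record every start tag, plus any inline on* event-handler attribute,
    which is script even when it sits on an allowed tag."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.tags.extend(name for name, _ in attrs if name.startswith("on"))


def unexpected_tags(page):
    """Tags (or on* attributes) in the rendered page that the template never
    emits. A non-empty list means user-controlled data was parsed as markup."""
    collector = TagCollector()
    collector.feed(page)
    collector.close()
    return [t for t in collector.tags if t not in TEMPLATE_TAGS]


# Constructed inputs: a query that first closes the value attribute and then
# supplies a script element, and a stored result carrying stray markup.
PROBE_QUERY = "\"><script>alert('xss')</script>"
SAMPLE_RESULTS = ["Widget A", "Widget <b>B</b>"]

if __name__ == "__main__":
    for label, render in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        page = render(PROBE_QUERY, SAMPLE_RESULTS)
        print(label, "->", unexpected_tags(page) or "no unexpected markup")
```

For the probe query the vulnerable renderer produces two `script` elements (one from the attribute breakout, one from the text context) and a `b` element from the stored result; the hardened renderer produces none, because `<`, `>`, `"` and `'` reach the browser as character references and are displayed rather than parsed. The tag comparison is the same idea a scanner applies from the outside: send a marker, fetch the response, and check whether the marker came back as markup or as text.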

 
What is the offline session mode?

AppScan's offline session mode allows a user to access saved audit session data without a connection to the Internet or scanned site. This feature enhances the flexibility of the tool and enables users to view and work with audit session results and generate reports any time, anywhere.

 
What source code does AppScan understand?

AppScan explores application behavior and looks for security vulnerabilities by analyzing the HTML output of the application. In aggregate, AppScan uses this information to identify potential vulnerabilities and to run a battery of tests against the application that are specifically designed to exploit that kind of suspected vulnerability.

 
AppShield, AppScan, Policy Recognition, and Adaptive Reduction are trademarks of Sanctum, Inc. All other product names referenced are the property of their respective owners and are hereby acknowledged.

 
© 2004 Sanctum, Inc.