AppScan™ QA Edition FAQs—Technical Overview
AppScan 4.5 QA Edition FAQs—Technical Overview

  1. What are the minimum system requirements to install AppScan 4.5?
  2. Where does AppScan install in my IT environment?
  3. What operating systems does AppScan support?
  4. Does AppScan support search engines?
  5. Which protocols does AppScan support?
  6. Can AppScan automatically crawl my site if it requires HTTP authentication?
  7. Can AppScan automatically crawl my site if my site utilizes client side certificates for authentication?
  8. Can AppScan automatically crawl my site if my site utilizes NTLM?
  9. How does AppScan explore my application?
  10. How does AppScan test my application?
  11. Can I schedule scans?
  12. What is the Business Record and Play and how does it work?
  13. What is AppScan's Transient Management System?
  14. How does AppScan handle JavaScript?
  15. What is SQL injection and does AppScan test for it?
  16. What is Cross-Site Scripting and does AppScan test for it?
  17. How does AppScan identify login requests and what tests does it run on the login pages?
  18. Can I save and share scan types and session data?
 
What are the minimum system requirements to install AppScan 4.5?
 

Minimum System & Software Requirements:

  • Computer: Pentium III PC, 500 MHz (800 MHz recommended)
  • Operating System: Windows 2000 with SP2 or higher, Windows XP, Windows 2003 Enterprise edition
  • RAM: 512 MB (1 GB recommended for scanning large sites)
  • Network: 1 NIC 10/100 Mbps for network communication with configured TCP/IP (100 Mbps recommended)
  • Disk Space: 1 GB
  • Software: Internet Explorer 5.5 or 6.x (You can install AppScan without IE, but you must install IE before running AppScan on your machine.)

 
Where does AppScan install in my IT environment?
 

AppScan is a standalone Windows 2000 or Windows XP application. As a result, it can be installed on any network-compatible Windows 2000 Professional or Windows XP machine and run against a site from inside or outside a network firewall.

 
What operating systems does AppScan support?
 

AppScan runs on Microsoft Windows 2000, Windows XP and Windows 2003 Enterprise edition.

 
Does AppScan support search engines?
 

Yes. Search engines require the input of parameter values from end users like any other application. AppScan can assess the security of search engine web applications.

 
Which protocols does AppScan support?
 

AppScan supports HTTP 1.0, HTTP 1.1 and HTML 3.2.

 
Can AppScan automatically crawl my site if it requires HTTP authentication?
 

Yes. AppScan can crawl a site requiring HTTP authentication. Completing the automatic form filler during the configuration of the explore stage ensures that AppScan automatically fills in the user name and password required during the HTTP authentication process.

 
Can AppScan automatically crawl my site if my site utilizes client side certificates for authentication?
 

Yes. AppScan supports web sites requiring client side certificates to authenticate users; the AppScan user needs only to load the required certificate in order to scan the site.

 
Can AppScan automatically crawl my site if my site utilizes NTLM?
 

Yes. AppScan supports web sites running NTLM. The user only needs to enable this option from within AppScan's General Settings menu.

 
How does AppScan explore my application?
 

The purpose of the explore stage is to learn the behavior and structure of the application so that the tests AppScan creates and customizes are extremely effective at identifying all potential vulnerabilities. When in automatic mode, AppScan behaves like a user and rapidly visits every page of your site, except for those filtered by configuration settings. For each page it visits, it analyzes the application's handling of the HTTP requests and responses. In the process, it detects potential vulnerabilities in the forms, HTML code, links embedded in JavaScript, and CGIs. Once the explore stage is complete, AppScan has created an extensive battery of custom tests that it will run against the site to determine the location and severity of actual vulnerabilities.

 
How does AppScan test my application?
 

AppScan's tests are designed to find security defects in the application code itself and in the underlying technologies that support it. Each test is created and customized automatically by AppScan before it is sent to the application. When the application responds to a test, AppScan's Expert Security System quickly and precisely analyzes the response to determine if it indicates a vulnerability or not. In addition, every response is categorized and rated automatically based on the likelihood that it is a vulnerability and the level of risk associated with the vulnerability.

 
Can I schedule scans?
 

Yes. Scan Scheduling is a powerful feature that enables users to trigger scans to run at the optimal times of the day or week. With AppScan it is possible to schedule one or more scans to run from the Scheduler feature in the user interface. Scans can also be scheduled to run remotely from the command line of the computer on which AppScan is installed.

 
What is the Business Record and Play and how does it work?
 

Applications are typically designed to facilitate one or more key business processes. AppScan provides users with the opportunity to record and play back a specific business process or a collection of business processes for one-time testing or regression testing as part of a test plan. These business processes are stored as XML, which enables easy modification, retesting, etc.

 
What is AppScan's Transient Management System?
 

Transients are what applications use to create and maintain sessions with the user. Transients can disrupt automated testing tools and limit their effectiveness if the testing tool does not properly manage them. As AppScan explores and tests an application or a site, this system stores, tracks, and modifies the transients in cookies or URL parameters that allow the application being tested to maintain state through the entire session. Within the context of application testing or auditing, AppScan's ability to automatically manage transients in this way increases the consistency and accuracy of its results. In addition, it allows users to re-run tests later on without having to start the process over from the beginning.
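The following sketch illustrates the idea of tracking transients across requests. It is an added example, not AppScan's implementation; the class name, the `sid` URL parameter, the `SESSIONID` cookie and the host `shop.example` are all constructed assumptions.

```python
from http.cookies import SimpleCookie
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

class TransientTracker:
    """Remembers session values seen in responses and replays the latest ones."""

    def __init__(self, url_params=("sid",)):
        self.url_params = set(url_params)  # assumed names of URL-borne session values
        self.cookies = {}                  # cookie name -> most recent value
        self.params = {}                   # URL parameter -> most recent value

    def observe(self, set_cookie_headers, links):
        """Record transients carried by one response (headers and page links)."""
        for header in set_cookie_headers:
            jar = SimpleCookie()
            jar.load(header)
            for name, morsel in jar.items():
                self.cookies[name] = morsel.value
        for link in links:
            for key, value in parse_qsl(urlsplit(link).query):
                if key in self.url_params:
                    self.params[key] = value

    def prepare(self, url):
        """Return (url, Cookie header) with stale transients replaced by current ones."""
        parts = urlsplit(url)
        query = [(k, self.params.get(k, v) if k in self.url_params else v)
                 for k, v in parse_qsl(parts.query, keep_blank_values=True)]
        fresh = urlunsplit(parts._replace(query=urlencode(query)))
        cookie = "; ".join(f"{k}={v}" for k, v in self.cookies.items())
        return fresh, cookie

def replay_demo():
    """Replay a recorded request after the (constructed) application rotated its session."""
    recorded = "http://shop.example/checkout?sid=OLD&step=2"  # saved during an earlier scan
    tracker = TransientTracker()
    tracker.observe(["SESSIONID=abc123; Path=/; HttpOnly"], ["/cart?sid=111&item=5"])
    first = tracker.prepare(recorded)
    tracker.observe(["SESSIONID=def456; Path=/"], ["/pay?sid=222"])
    second = tracker.prepare(recorded)
    return first, second
```

Without this substitution the recorded request would carry `sid=OLD`, and the application would typically answer with a login redirect rather than the page under test.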

 
How does AppScan handle JavaScript?
 

Nearly every site today uses JavaScript to enhance client-side functionality. Until now, there hasn't been a testing tool that could explore JavaScript, identify potentially dangerous content, and test the links embedded in it. This problem was solved with the current version of AppScan.

AppScan can parse JavaScript and test any and all of the areas of the application that are accessible through it. This means users no longer have to remember to test JavaScript links manually but can rely on AppScan to do this automatically. Results no longer contain client-side logic "blind spots".

 
What is SQL injection and does AppScan test for it?
 

Web applications commonly use SQL to add, edit, or retrieve data from a database. If an application is not sufficiently protected from this form of attack, a hacker can inject SQL commands into a form field and have the backend database execute them. The destructive potential for this attack is enormous. SQL injection can enable a hacker to:

  1. Obtain any or all of the information stored in the database
  2. Erase records
  3. Bring down the database

AppScan runs a series of tests during a scan to determine if the application is vulnerable to SQL injection. It does this safely to ensure that the integrity of the database and its contents is not compromised.

 
What is Cross-Site Scripting and does AppScan test for it?
 

Many web applications contain forms and other interactive components that allow the end user to pass information to the application. Instead of passing benign information into the application through the form, hackers will pass scripts (typically written in JavaScript or VBScript) to the application. The scripts usually contain code for forms or other means of collecting information from a web page. As a result of this process, hackers can insert their own scripts into web applications that enable them to do things like:

  • Steal user names and passwords
  • Collect customer information

AppScan runs a complete series of tests against every application to determine if it is susceptible to this popular type of attack.

 
How does AppScan identify login requests and what tests does it run on the login pages?
 

AppScan automatically detects login pages by analyzing the traffic during the explore phase, and marks in the Explore Results the requests that were detected as login requests. In addition, you can "teach" AppScan how to log in to your application by using the "manual login" feature.

The login pages/scripts are usually a very sensitive spot in the application, but if you prefer that AppScan not test these pages/scripts, you can configure it to skip the tests on all pages that were detected as login pages.

 
Can I save and share scan types and session data?
 

AppScan's collaborative scan utilities enable a user to save and share scan types and session data. As a result, one user can perform a scan of a site initially and then a second user can perform the exact same scan moving forward. Likewise, session data can be shared among AppScan users to further facilitate collaborative application assessments. In addition to sharing information, the ability to archive and recall scan types and session data lets users perform longitudinal assessments, also known as regression tests, in order to measure changes in an application's or site's security over time.

 

 
AppShield, AppScan, Policy Recognition, and Adaptive Reduction are trademarks of Sanctum, Inc. All other product names referenced are the property of their respective owners and are hereby acknowledged.

 
© 2004 Sanctum, Inc.