AppScan™ QA for Mercury TestDirector FAQs
Product Overview

  1. What business problem does the AppScan QA for Mercury TestDirector solution solve?
  2. What makes the AppScan QA for Mercury TestDirector product suite the right choice for my organization?
  3. What are the key benefits of AppScan QA for Mercury TestDirector?
  4. What are the key features of AppScan QA for Mercury TestDirector?
  5. Who benefits from using AppScan QA for Mercury TestDirector?
  6. What types of attacks does AppScan QA for Mercury TestDirector test for?
  7. How does AppScan QA for Mercury TestDirector communicate the results of my test?
  8. Does AppScan QA for Mercury TestDirector support XML/SOAP and web services?
  9. Can AppScan QA for Mercury TestDirector run against large sites?
  10. What are the strengths of AppScan QA for Mercury TestDirector's customization and automation features?
  11. Can I track changes to my application security over time with AppScan QA for Mercury TestDirector?
  12. What information does AppScan QA for Mercury TestDirector provide to the user when it finds a security vulnerability?
 
What business problem does the AppScan QA for Mercury TestDirector solution solve?
 

Today, a solid quality assurance (QA) plan must be a fundamental component of every IT department for its mission-critical applications. Adding security to the QA process supports software quality assurance and software quality management as outlined in the Capability Maturity Model (CMM, Software Engineering Institute) and is a critical step to delivering quality software to the market.

Sanctum and Mercury Interactive have partnered to deliver an integrated testing "platform" to QA organizations that combines Sanctum's Web application security testing solution, AppScan™ QA, with Mercury Interactive's global test management solution, TestDirector, and enables Web application security testing to become a normal part of the QA process for Mercury TestDirector™ users. This integration of two best-of-breed products provides users with the most comprehensive testing solution available on the market today and helps organizations deliver quality, secure software on time and on budget. Now, all aspects of Web application testing (functionality, load, and security) can be managed and run from a single environment, providing customers with a lower total cost of operation, reduced business risk and on-time delivery of secure applications for a significant return on their technology investment.

 
What makes the AppScan QA for Mercury TestDirector product suite the right choice for my organization?
 

The bottom line in web application risk assessment is efficiency, and AppScan's industry-leading combination of speed, accuracy, and flexibility makes it the most powerful security-testing tool in the market today. AppScan QA for Mercury TestDirector provides highly accurate and actionable information that drives enormous returns to organizations in the form of cost savings, reliable operations and strong customer relationships. The AppScan product family provides the efficiency, accuracy and flexibility that developers, QA, auditors and operations managers need to find and fix the bugs before the hacker does.

AppScan QA for Mercury TestDirector is the only security-testing tool on the market that seamlessly integrates with TestDirector or any other test management software.

 
What are the key benefits of AppScan QA for Mercury TestDirector?
 

AppScan QA delivers predictive, reproducible results that QA personnel can use to test applications during the development lifecycle. With tools such as delta analysis, defect changes can be measured against a baseline to develop accurate analysis, especially in changing development environments. Coupled with automated results analysis, testers can quickly identify the type, severity, and area (application or administrative) of vulnerabilities. Security can be complex to understand. AppScan QA focuses QA personnel on their core competency of testing by providing detailed defect advisories. These advisories translate technical details into business terms suitable for a range of audiences, including development management. Should the testers or developers require further understanding of the defects, AppScan QA can provide detailed views of both the test and the response. In addition to testing for common web vulnerabilities and application-specific vulnerabilities, AppScan QA was designed to also test any web-based XML/SOAP application. This allows testing to start today on new infrastructure technologies. Finally, AppScan QA provides tools such as APIs and command-line interfaces to facilitate integration with your existing testing environment and allow third-party tools to interact and even launch scans automatically.

By deploying AppScan QA for Mercury TestDirector, organizations can maximize existing technology investments while reducing the cost of fixing security-related defects, ensuring faster time to market of a quality application. The results:

Lower Total Cost of Operation

  • Familiar TestDirector user interface and environment means a short learning curve and investment protection
  • Centralized configuration and results viewing facilitates a consistent and repeatable testing process, reducing errors and improving efficiency
  • Automation accelerates test cycles by eliminating manual test script creation

Increase Return on Investment

  • Finding and fixing security defects during QA rather than at or after deployment can reduce development costs by up to 700%. (IBM System Sciences Institute)
  • Real-time training for QA and developers on secure testing and coding techniques facilitates future secure application development
  • Increased productivity through efficient communication between QA and developers of every security defect
  • Extend existing functionality of TestDirector technology investment

Reduce Business Risk

  • Secure applications ensure a company's mission-critical assets and customer privacy information cannot be compromised
  • Ensure compliance with internal security best practices and external regulations such as GLBA, HIPAA, SB1386.
  • Meet software quality assurance and software quality management guidelines outlined in the Capability Maturity Model (CMM, Software Engineering Institute)

 
What are the key features of AppScan QA for Mercury TestDirector?
 

AppScan QA for Mercury TestDirector was developed through integration between AppScan 4.0 QA Edition and Mercury Interactive TestDirector. TestDirector is an open test management platform that allows third-party testing tools to be integrated into it. Users of TestDirector can manage and run tests using tools such as WinRunner, LoadRunner, etc. With AppScan QA for Mercury TestDirector, they are able to manage and run AppScan tests as well.

Key features include:

  • AppScan QA is seamlessly integrated as a new 'test type' within the TestDirector environment, therefore:
    • Web application security tests run directly from TestDirector environment
    • Manage all tests (e.g. functional, load, and security) from a single console
    • Manage the configuration and running of AppScan tests from within TestDirector
    • Launch and monitor status of AppScan tests remotely
    • Automatic test creation, modification & maintenance processes needed to test and act on remediation of security defects
    • Centralized control for QA/developers to store & share configurations & sessions; keep information on past runs; and see progress over time
    • Browser-based interface - scanning performed by testing hosts
    • Test results saved and stored in TestDirector database server as 'test steps'
    • Ability to report vulnerabilities as "defects" in the TestDirector defect tracking system
    • Produces detailed security defect advisories for QA personnel viewed within TestDirector
    • Scale to any size QA team leveraging TestDirector distributed user model
    • Thin-client architecture that enables enterprise-wide deployment with no client-side installation, bringing the power of AppScan to every QA engineer, developer and manager across the enterprise
  • Easy administration: centralized control, fast deployment, and distributed workload

The integration was developed for TestDirector 7.6 and TestDirector 8.0.

 
Who benefits from using AppScan QA for Mercury TestDirector?
 

The main beneficiaries are Application Testers and QA Managers. Instead of searching for security defects manually, testers can use AppScan QA for Mercury TestDirector to automatically detect security defects as an integrated component of enterprise development and testing processes. AppScan QA for Mercury TestDirector automates the test script creation, modification, and maintenance process and ensures reliable and repeatable testing. By reducing the number of development cycles and associated downtime caused by security defects found in production, secure applications are deployed faster for less money and the enterprise dramatically improves the utilization of QA and development resources.

 
What types of attacks does AppScan QA for Mercury TestDirector test for?
 

AppScan QA for Mercury TestDirector has the most comprehensive set of test types. It automatically tests for multiple variants of the following application vulnerabilities:

  • Cross-Site Scripting
  • Parameter Tampering
  • Hidden Field Manipulation
  • Backdoors and Debug Options
  • Stealth Commanding
  • Forceful Browsing
  • Application Buffer Overflow
  • Cookie Poisoning
  • 3rd Party Misconfigurations
  • Known Vulnerabilities (associated with CWVs)
  • SQL Injection
  • HTTP Attacks
  • Suspicious content
  • XML/SOAP

The actual number of tests AppScan QA for Mercury TestDirector sends to an application depends on the logic and structure of that application. In one example, on an application with 100 links, AppScan QA for Mercury TestDirector created and sent over 4,000 different tests.

 
How does AppScan QA for Mercury TestDirector communicate the results of my test?
 

Results of AppScan tests are displayed inside the TestDirector client. Each test is made up of "Test Steps". Each test step is a potential vulnerability that AppScan tested for. Each test step is presented as either "Passed" or "Failed" (the user can configure which AppScan results will be considered Passed and which Failed). Each test step is also assigned a "Risk Level", which can be High, Medium, or Low. Each step is presented with its name, URL, and the difference between the original HTTP request and the "hack" that AppScan attempted.

The user can also drill down into a step to receive a highly detailed security advisory for that step, including accurate fix recommendations, detailed properties and the complete HTTP/HTML traffic (requests and responses) exchanged between AppScan and the tested web server.

 
Does AppScan QA for Mercury TestDirector support XML/SOAP and web services?
 

Yes. To scale and prepare for emerging technologies such as XML/SOAP and web services, AppScan QA for Mercury TestDirector increases its intelligent validation system to deliver the widest array of attack variants to test for new vulnerabilities and defects. QA personnel can now test both new and existing infrastructures and technologies, providing for a comprehensive testing methodology, and allowing them to keep up with emerging technologies with these newly supported platforms.

 
Can AppScan QA for Mercury TestDirector run against large sites?
 

Yes. AppScan QA for Mercury TestDirector provides the greatest coverage and accuracy of any application security assessment and testing tool regardless of the size of the site or application. Without testing coverage and accuracy, there is little value in using an automated tool to perform an assessment. In a limited number of cases, on sites with a large number of links and/or applications that utilize many parameters in forms, Sanctum recommends breaking the assessments into smaller segments. Doing so has two primary advantages. One, a smaller assessment makes it much more manageable for the user to view results and generate reports. Two, because AppScan QA for Mercury TestDirector creates and sends at least 30 tests per parameter on the site or application, the assessment process might take additional time on very large sites to validate every test response. In addition to segmenting the assessments into smaller chunks, running AppScan QA for Mercury TestDirector on a machine with 1GB of memory will also maintain system performance.

 
What are the strengths of AppScan QA for Mercury TestDirector's customization and automation features?
 

AppScan QA for Mercury TestDirector can automatically explore an entire test site unassisted. A user can configure AppScan QA for Mercury TestDirector to narrow the scope or depth of the scan precisely in order to reduce unnecessary scanning. The user can define from the AppScan GUI which types of attacks to execute and whether to perform them automatically or manually. Using input from its Expert Security Testing System, AppScan QA for Mercury TestDirector automatically assigns severity and success ratings for tested attacks and provides expert advice for fixing the vulnerabilities.

 
Can I track changes to my application security over time with AppScan QA for Mercury TestDirector?
 

Yes, by saving the sessions and using AppScan QA's Delta Analysis utility. This utility allows you to compare two saved sessions that you select. The comparison results are presented in the delta analysis report within AppScan, which includes information about the differences between the sessions in each of the scan stages and in the scan results. This utility was specifically designed to allow you to track and monitor the changes in application security that result from updates to the application's code.

Alternatively, since all AppScan test runs and their results are saved in the TestDirector database, it's easier than ever to keep track of test progress and see which tests have passed or failed, exactly which problems were discovered in past runs, and whether or not these problems have been solved in later runs.

 
What information does AppScan QA for Mercury TestDirector provide to the user when it finds a security vulnerability?
 

When AppScan QA for Mercury TestDirector finds a security vulnerability, it reports the test as Failed. For each Failed test, AppScan QA for Mercury TestDirector provides the user with the following information:

  • Test type (e.g., cross-site scripting, forceful browsing, etc.)
  • Link where problem was found
  • Difference between the original link and the test link
  • Detailed advisory on the problem that includes a technical overview of the issue, its impact, and a detailed fix recommendation for the problem
  • The requests and responses that AppScan sent and received from the Web site

 
 
 
 
 
AppShield, Policy Recognition, and Adaptive Reduction are trademarks of Sanctum, Inc. All other product names referenced are the property of their respective owners and are hereby acknowledged.

 
© 2004 Sanctum, Inc.