Follow this workflow to manage application security risks in your organization.
Learn how to test vulnerabilities identified in an application.
These scenarios are targeted at developers and the security team. Choose the user role that most closely matches your situation.
Using scan configuration authored in AppScan Standard, the security team creates templates.
Learn how to create a scan.
Learn how to create an application inventory.
Learn how to import issues from 3rd-party scanners.
The security team (whose members have Administrator privileges) creates templates by using scan configuration that they author in AppScan Standard. The scan template file is then available for use in AppScan Enterprise. Developers (with QuickScan user privileges) pick up the template when they create a scan, and use a wizard in the new AppScan Dynamic Analysis Client to finish the scan creation. They use the same Client when they need to amend the scan configuration.
The developer team creates scan templates using different methods and user interfaces in AppScan.
This topic helps the security team learn how to create scan templates.
Upload a scan template from AppScan® Standard to use the same explore and test phase configuration in AppScan Enterprise. This saves time and effort in re-creating scan configurations between AppScan Standard and AppScan Enterprise.
As part of the security team, you can create advanced scans by using the AppScan Dynamic Analysis Client.
As a security analyst, you might have to help a developer to edit a basic scan they created. In the AppScan Dynamic Analysis Client, you can see scan configuration options that a developer cannot see.
Page Structure (DOM) Filtering can greatly reduce scan time by identifying pages that are similar enough to pages already scanned that they can safely be ignored. AppScan compares each new page with the pages already scanned for structural (DOM) similarity; a high similarity indicates that the new page contains no new links and no content that requires more testing. For example, a commercial site might have a catalog with individual pages for a thousand different items that are identical in every other way. There is usually no need to scan all of those pages, and filtering them out based on DOM similarity greatly reduces scan time.
If you have an existing content scan that is based on a scan template (*.scant) from AppScan® Standard, you can convert the scan configuration so that you can edit it directly in the AppScan Dynamic Analysis Client. However, after you convert the scan configuration, you cannot open it again in AppScan Standard.
Learn how to run and schedule a job in AppScan Enterprise.
Export scan properties and create a new scan based on those properties. This is the method you use to copy a scan between two Enterprise Console instances.
There are three methods you can use to stop a job while it is running. Each method is used for a different reason, which largely depends on whether you want to keep the data or you want to continue running the job from the point where it left off. You can resume a suspended job to continue the scan from where it stopped. A resumed job is handled by the next free agent on any available agent server.
Learn how to determine risks and prioritize vulnerabilities identified in an application.
Learn how to remediate risks identified in an application.
Learn how to measure progress and demonstrate compliance.