Test tool AppScan installation and use
In the projects I have participated in, AppScan was used to run security scans, find security vulnerabilities in the system, and then adjust the system and repair the vulnerabilities according to the tool's revision suggestions, improving system security. Based on that experience and on the reference material consulted, this article introduces the basic concepts, installation process, and usage of AppScan, both for continued use in the future and as a reference for others. The article inevitably contains omissions, and readers are welcome to correct them. Thank you!
1. Concept
AppScan is a web security scanning tool from IBM. It uses crawler technology to run security penetration tests against a website: starting from the website's entry URL, it automatically scans the page links, and after the scan it provides a scan report and repair suggestions.
AppScan has its own use case library. The newer the version, the more complete the use case library. The more comprehensive the use case library, the more comprehensive the vulnerability detection and the higher the security of the tested system.
Working principle:
1) Explore: crawl the site to understand the whole web application
2) Analyze: using the scanning rule base, send modified HTTP requests as test attacks
3) Analyze the responses to verify whether security vulnerabilities exist
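The three working-principle steps above, as an added example that is not part of the original article and is not AppScan's own code. It runs entirely offline against a constructed in-memory site; `fake_app`, the host `app.test` and the `MARKER` canary string are assumptions made for the illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlencode, urljoin, urlsplit

BASE = "http://app.test"   # constructed host, never contacted
MARKER = "zq<7>probe"      # harmless canary string (assumption), not an exploit

def fake_app(url):  # constructed in-memory site standing in for the target
    u = urlsplit(url)
    q = dict(parse_qsl(u.query))
    if u.path == "/":
        return ('<a href="/search?q=tea">s</a><a href="/item?id=1">i</a>'
                '<a href="http://other.test/">x</a>')
    if u.path == "/search":  # echoes input without output encoding
        return "<p>Results for %s</p>" % q.get("q", "")
    if u.path == "/item":    # encodes input before echoing it
        return "<p>Item %s</p>" % html.escape(q.get("id", ""))
    return ""

class Links(HTMLParser):  # collects href values of <a> tags
    def __init__(self):
        super().__init__()
        self.found = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.found += [v for k, v in attrs if k == "href" and v]

def explore(start):
    """Step 1: crawl from the entry URL, staying on the same host."""
    seen, todo, host = set(), [start], urlsplit(start).netloc
    while todo:
        url = todo.pop()
        if url not in seen and urlsplit(url).netloc == host:
            seen.add(url)
            parser = Links()
            parser.feed(fake_app(url))
            todo += [urljoin(url, h) for h in parser.found]
    return seen

def probe_and_analyze(urls):
    """Steps 2-3: resend each request with one parameter changed, check the response."""
    findings = []
    for u in map(urlsplit, sorted(urls)):
        params = parse_qsl(u.query)
        for i, (name, _) in enumerate(params):
            changed = params[:i] + [(name, MARKER)] + params[i + 1:]
            body = fake_app(u._replace(query=urlencode(changed)).geturl())
            if MARKER in body:  # raw < and > came back: output not encoded
                findings.append((u.path, name))
    return findings
```

Calling `probe_and_analyze(explore(BASE + "/"))` reports only the `/search` parameter `q`, because `/item` encodes its output and the off-host link is never followed.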
2. Download and install
2.1 Download path
Installation version: the AppScan_Setup_10.0.0 installation package, which can be found through an online search; the cracking method can also be found online.
2.2 Installation process
Double-click the exe file and continue through the next steps. After the installation is complete, you can crack the version according to the relevant file prompts.
3. Instructions for use
3.1 Enter the main interface
- Double-click the shortcut to enter the main interface of AppScan
3.2 Create a new scan
- Click "Scan Web Applications".
- Fill in the URL that needs to be scanned, then go to the next step.
3.4 Login Management
- Open login management.
- Choose Record, select a browser, and enter the web interface to log in to the system.
- Enter the account and password, log in, and select "I have logged in to the site".
- After logging in, select "I have logged into the system".
- Go to the next step.
3.5 Start full scan
- Done; start the full scan.
- Scanning in progress.
3.6 Scan results
Based on the scan and analysis results, review the security problems found in the scanned system, go through the revision suggestions one by one, and adjust and reinforce the system's security configuration accordingly.