1. Installation package
Download: see the cloud disk link https://pan.baidu.com/s/1gcaIk7mWyCtYcM2gNmWYwQ (password: rg41)
Official documentation (Chinese version): https://pan.baidu.com/s/1CizSWAylEbJ_5xfZDnpvWA (password: 3wkp)
2. How AppScan works: a detailed introduction
Reference: https://www.cnblogs.com/mawenqiangios/p/8573525.html
- The three core elements of AppScan
- Analysis of the technical characteristics of large sites
- Sites mix many technologies, so they require different scan settings
- How AppScan works: https://blog.csdn.net/loner_fang/article/details/81318095
AppScan checks a site for security vulnerabilities by running web application security attacks against it. The targets of the attacks are every parameter of every page.
First, the entry URL is fixed. Starting from this URL, crawler technology finds all URL links and page parameters across the entire site; at this point every target of the attacks has been identified. Then, page by page, the parameters are run one by one against the "test cases" in the scan library, that is, an actual tool simulates a hacker's attacks. When the actual result matches the expected result, a security risk is determined to exist.
In practice, the "test" stage frequently reveals new links and more potential security risks within the site. Therefore, after the first "phase" of "explore" and "test" is complete, AppScan automatically starts a new "phase" to deal with the new information.
The whole process is divided into "scan configuration - Exploration - Test - Scan - Result Analysis"
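The explore / test / new-phase loop described above, as an added sketch that is not AppScan's code and not part of the original post. The site map, the `fetch` stand-in, the marker value and the reflection check used as the "expected result" are all constructed assumptions; nothing touches the network.

```python
from collections import deque

# Constructed in-memory site, not a real application: path -> (links, params).
SITE = {
    "/": (["/search", "/about"], []),
    "/search": ([], ["q"]),
    "/about": ([], []),
    "/admin/report": ([], ["id"]),  # linked only from a /search response
}
MARKER = "zz9probe"  # constructed, harmless marker standing in for a test case

def fetch(path, params=None):
    """Hypothetical stand-in for an HTTP request: returns (body, links)."""
    body, links = "page " + path, list(SITE[path][0])
    if path == "/search" and params:
        body += " results for " + params["q"]  # echoes the input unchanged
        links.append("/admin/report")          # appears only when q is sent
    return body, links

def enqueue(links, seen, queue):
    for link in (l for l in links if l not in seen):
        seen.add(link)
        queue.append(link)

def explore_stage(queue, seen):
    """Explore stage: crawl from the queue, return (path, param) targets."""
    targets = []
    while queue:
        path = queue.popleft()
        targets += [(path, p) for p in SITE[path][1]]
        enqueue(fetch(path)[1], seen, queue)
    return targets

def run_test_stage(targets, seen):
    """Test stage: one request per parameter, compare actual with expected."""
    findings, new_links = [], deque()
    for path, param in targets:
        body, links = fetch(path, {param: MARKER})
        if MARKER in body:  # actual result matches the expected signature
            findings.append((path, param))
        enqueue(links, seen, new_links)
    return findings, new_links

def scan(entry):
    seen, queue, findings, phases = {entry}, deque([entry]), [], 0
    while queue:  # links found while testing start another phase
        phases += 1
        found, queue = run_test_stage(explore_stage(queue, seen), seen)
        findings += found
    return findings, phases
```

Here `scan("/")` needs two phases: `/admin/report` is only discovered in a response during the first test stage, so its `id` parameter is explored and tested in the second.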
3. AppScan test tool installation and tutorial
- Installation steps: https://www.cnblogs.com/mawenqiangios/p/8573585.html
- Scanning steps: https://www.cnblogs.com/mawenqiangios/p/8573585.html
- Choosing a scan policy: https://www.cnblogs.com/Lam7/p/7095243.html
- Getting to know the site under test: https://www.cnblogs.com/Lam7/p/7095243.html
4. Resolving AppScan browser compatibility issues
Reference: https://www.cnblogs.com/mawenqiangios/p/8573740.html
5. Web security testing specification
Reference: https://wenku.baidu.com/view/71fcb1a431b765ce040814cf.html