IBM SecurityAppScan Standar d employs thr ee distinct testing techniques that complement and enhance each other: Dynamic Analysis ("black-box scanning") This is the primary method, testing and evaluating application r esponses during r un-time. Static Analysis ("white-box scanning")What do you need to know about AppScan?
Unlike a br owser , AppScan needs to understand these technologies at a level that allows automatic crawling, session maintenance, and of course testing. In these cases you need to configur e AppScan to scan corr ectly . An AppScan scan consists of two main stages: Explor e and T est.What kind of URLs does AppScan decode?
AppScan specifically supports W ebSpher e Portal custom URLs. WSP encodes the URLs in a way that makes it dif ficult to track them as they appear . AppScan decodes the URLs so they can be understood and tuned. Glass box scanning is supported for Java and .NET only .What kind of testing does stageappscan do?
T est stageAppScan is designed to test the application and not its supporting technologies, ther efor e they do not af fect testing. T o consider databases again: AppScan’s suite of SQL Injection tests ar e independent of the database used. It also of fers specific tests for 3r d Party testing (Common V ulnerabilities testing).