Guidelines for scanning large sites with Rational AppScan Standard

2010-08-10 11:42:27 / Category: IBM Appscan Security Scan

Technote (FAQ)
 
Question
What are the guidelines for scanning large sites with IBM Rational AppScan Standard Edition and Express Edition?
 
Cause

Security auditors often face large and complex Web sites. Although AppScan has good explore filters that allow you to restrict and focus site exploration, using these filters often requires detailed knowledge of the structure of the site.

IBM Rational recommends these measures to ensure a successful completion of a scan of such large and complex sites:

System Requirements:
  • CPU - 1GHz and above
  • RAM - 2GB and above
  • Free Disk Space - 3-4GB

    Note: Ensure that the temp directory as defined in the environment variables is pointing to this drive.
Scan Type:
  • Do not change the default explore settings (Redundant Path and Depth Limits); most of the site will be covered with the default settings, and increasing the limits might introduce redundancy and increase the size of the session.
  • Save the session after the Explore phase (One can even create a Business Process of the Explore phase).
  • Check the following parameters:
    1. Number of visited links
    2. Number of potential vulnerabilities
    3. AppScan memory consumption (In task manager)
    4. AppScan files in the Temp directory (Extensions - DBF, CDX, FPT)

    If any of these parameters are extremely high or the combination of them looks out of the ordinary, you should consider running the test phase by breaking it up into groups of smaller ones (see "How to Split the Test Phase" below).

Large Session Indications:
  • Large number of visited links - greater than 10,000
  • Normal number of visited links but a large number of potential vulnerabilities
  • More than 100,000 potential vulnerabilities but no more than 500-1,000 visited links; this can be an indication of a large number of form fields in the session.
  • Memory consumption of more than 500MB
  • Temp files larger than 1.5GB
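The two indicators above that can be read from the operating system rather than the AppScan UI (process memory, and the DBF/CDX/FPT files in the temp directory) can be checked with a script. The following is an added example, not part of the IBM technote; it assumes the AppScan process name ($ProcessName, a placeholder to adjust) and that the session temp files live under the TEMP environment variable, as the System Requirements note above implies.

```powershell
# Added example (not from the technote): check the memory and temp-file
# "Large Session Indications" against the thresholds the technote gives.
param(
    [string]$ProcessName = 'AppScan',   # assumption: replace with the real AppScan executable name
    [string]$TempDir     = $env:TEMP    # the technote ties session temp files to the TEMP variable
)

$memoryLimitMB = 500   # technote: memory consumption of more than 500MB
$tempLimitGB   = 1.5   # technote: temp files larger than 1.5GB
$warnings      = @()

# AppScan memory consumption (the figure the technote tells you to read in Task Manager)
$proc = Get-Process -Name $ProcessName -ErrorAction SilentlyContinue
if ($null -eq $proc) {
    Write-Warning "No process named '$ProcessName' found; check the process name assumption."
} else {
    $memoryMB = [math]::Round(($proc | Measure-Object -Property WorkingSet64 -Sum).Sum / 1MB, 1)
    Write-Output ("AppScan working set: {0} MB" -f $memoryMB)
    if ($memoryMB -gt $memoryLimitMB) { $warnings += "memory above $memoryLimitMB MB" }
}

# Session temp files: the DBF, CDX and FPT files the technote lists
$files = Get-ChildItem -Path $TempDir -Recurse -File -Include *.dbf,*.cdx,*.fpt -ErrorAction SilentlyContinue
$tempBytes = ($files | Measure-Object -Property Length -Sum).Sum
if (-not $tempBytes) { $tempBytes = 0 }
$tempGB = [math]::Round($tempBytes / 1GB, 2)
Write-Output ("Session temp files: {0} file(s), {1} GB under {2}" -f @($files).Count, $tempGB, $TempDir)
if ($tempGB -gt $tempLimitGB) { $warnings += "temp files above $tempLimitGB GB" }

if ($warnings.Count -gt 0) {
    Write-Warning ("Large session indicated ({0}); consider splitting the Test phase." -f ($warnings -join '; '))
} else {
    Write-Output "No large-session indication from memory or temp files; still check visited links and potential vulnerabilities in the UI."
}
```

Run it on the scanning machine after the Explore phase has finished and the session has been saved; the visited-link and potential-vulnerability counts still have to be read from AppScan itself.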
 
Answer

How to Split the Test Phase:

Note: The best practice is to break the scan into at least two scan files: 1 for Infrastructure Tests and 1 for Application Tests.

**AppScan 7.0**
  • Change the name of the scan and save it again. This will create a copy so the baseline session will not be affected.
  • Go to Scan > Scan Configuration and click on Test Policy
  • For each scan file created (above), edit the test policy as applicable
  • Go to Scan > Re-Scan > Re-Test - there is no need to explore the site again
  • Run the test - you will notice that only the specified test groups are executed
  • Save the session
