Home
Managing application risk
Follow this workflow to manage application security risks in your organization.
Step 2: Testing applications for vulnerabilities
Learn how to test vulnerabilities identified in an application.
Scenarios for creating scans
These scenarios are targeted at developers and the security team. Choose the user role that most closely matches your situation.
Overview of scan configuration differences in v9.0.2 and higher and in previous versions
The security team (whose members have Administrator privileges) creates templates by using scan configuration that they author in AppScan Standard. The scan template file is then available for use in AppScan Enterprise. Developers (with QuickScan user privileges) pick up the template when they create a scan, and use a wizard in the new AppScan Dynamic Analysis Client to finish the scan creation. They use the same Client when they need to amend the scan configuration.

Managing application risk
Follow this workflow to manage application security risks in your organization.
- Step 1: Creating an application inventory
  Learn how to create an application inventory.
- Step 2: Testing applications for vulnerabilities
  Learn how to test vulnerabilities identified in an application.
  - Importing issues from third-party scanners
    Learn how to import issues from 3rd-party scanners.
  - Scenarios for creating scans
    These scenarios are targeted at developers and the security team. Choose the user role that most closely matches your situation.
    - Overview of scan configuration differences in v9.0.2 and higher and in previous versions
      The security team (whose members have Administrator privileges) creates templates by using scan configuration that they author in AppScan Standard. The scan template file is then available for use in AppScan Enterprise. Developers (with QuickScan user privileges) pick up the template when they create a scan, and use a wizard in the new AppScan Dynamic Analysis Client to finish the scan creation. They use the same Client when they need to amend the scan configuration.
    - Developers
      The developer team creates scan templates using different methods and user interfaces in AppScan.
    - Security Team
      Using scan configuration authored in AppScan standard, the security team creates templates.
    - Converting scan configurations from AppScan® Standard in the AppScan® Dynamic Analysis Client
      If you have an existing content scan that is based on a scan template (*.scant) from AppScan® Standard, you can convert the scan configuration so that you can edit it directly in the AppScan Dynamic Analysis Client. However, after you convert the scan configuration, you cannot open it again in AppScan Standard.
  - Running and scheduling jobs
    Learn how to run and schedule a job in AppScan Enterprise.
  - Copying a scan between two Enterprise Consoles
    Export scan properties and creating a new scan based on those properties. This is the method you use to copy a scan between two Enterprise Console instances.
  - Stopping a job and then resuming it
    There are three methods you can use to stop a job while it is running. Each method is used for a different reason, which largely depends on whether you want to keep the data or you want to continue running the job from the point where it left off. You can resume a suspended job to continue the scan from where it stopped. A resumed job is handled by the next free agent on any available agent server.
- Step 3: Determining risks and prioritizing vulnerabilities
  Learn how to determine risks and prioritize vulnerabilities identified in an application.
- Step 4: Remediating risks
  Learn how to remediate risks identified in an application.
- Step 5: Measuring progress and demonstrating compliance
  Learn how to measure progress and demonstrate compliance.

Overview of scan configuration differences in v9.0.2 and higher and in previous versions

The security team (whose members have Administrator privileges) creates templates by using scan configuration that they author in AppScan Standard. The scan template file is then available for use in AppScan Enterprise. Developers (with QuickScan user privileges) pick up the template when they create a scan, and use a wizard in the new AppScan Dynamic Analysis Client to finish the scan creation. They use the same Client when they need to amend the scan configuration.

This workflow provides many benefits: The security team uses a richer environment to select scan options in AppScan Standard. This method is a one-step process to provide these templates to developers in AppScan Enterprise. It produces more consistent results across the organization, and provides the same user experience during job configuration. It improves the configuration experience for developers, who often don't have much security knowledge, and provides them with the ability to configure action-based login and manual explore features.

There are some upgrade considerations to know about:

The new method is accessed from both the Monitor and Scans views.
Existing scan templates from v9.0.1.1 are kept after upgrade, and the old method of QuickScan template creation still exists. To take advantage of this new method, during upgrade you must run the Default Settings Wizard after the Configuration Wizard to install the templates for v9.0.2.
To avoid any template name conflicts in the Templates directory in the Folder Explorer, (v9.0.2) is appended to the template name. If you install a new instance of AppScan Enterprise, you can still access the templates from v9.0.1.1. When you create a new content scan or template from the Scans view, select Create using previously saved settings file and go to <install-dir>\AppScan Enterprise\Initializations\ASE\DefaultTemplates\Job\Version 9.0.1.1 to select the *.xml file.