Home
Installing
Learn how to install the product.
Post installation tasks
After you install AppScan® Enterprise, complete these postinstallation tasks.
Securing the deployment
Follow these steps during installation and configuration to ensure your AppScan® Enterprise instance is secure.
Securing the SQL Server database
Depending on whether you have the Enterprise or Standard version of SQL Server, securing your data is a critical database maintenance practice.
Enabling TDE on SQL Server Enterprise Edition
Enabling TDE on Enterprise version of SQL Server for securing your data by encryption.
Enabling Transparent Data Encryption on SQL Server databases
SQL Server has a built-in encryption TDE mechanism (Transparent Data Encryption) encrypts the data residing in the database or in backups on physical media.
How the script enables TDE on SQL Server
The script is a convenient way to perform end-to-end steps required to configure TDE on a user database.

Installing
Learn how to install the product.
- Planning the deployment and installation
  The configuration you use depends on a number of factors: what you plan to do with the software, how your organization and website or applications are structured, and how the information is to be distributed. Before you install the current release, review the information about hardware and software requirements, licensing, and other deployment considerations.
- Preinstallation tasks
  Before you install AppScan® Enterprise, you will need to prepare and configure your system.
- Installation tasks
  This section provides the instructions for installing AppScan® Enterprise.
- Post installation tasks
  After you install AppScan® Enterprise, complete these postinstallation tasks.
  - Postinstallation checklist
    After you install AppScan® Enterprise, review and complete all of the necessary tasks on the postinstallation checklist.
  - Verifying the agent service and alerting service installation
    During installation, two services were installed: the Agent Service and the Alert Service. You need to ensure that these services have been installed and are started. If the agent service is not started, any jobs that users create will not be picked up and run by the Server. If the alerting service is not started, any alerts that have been configured for users will not be issued. Make sure that only one instance of the alerting service is installed; otherwise, duplicate notifications might be sent out.
  - Configuring a basic user registry for the Liberty profile
  - Securing the deployment
    Follow these steps during installation and configuration to ensure your AppScan® Enterprise instance is secure.
    - Trusting the certificate authority
      If your certificate is not from a trusted authority, you will need to trust it on your client machine.
    - Disabling weak cipher suites in IIS
      By default, IIS is installed with 2 weak SSL 2.0 cipher suites that are enabled: SSL2_RC4_128_WITH_MD5 and SSL2_DES_192_EDE3_CBC_WITH_MD5. This can impact the security of AppScan Enterprise, and the cipher suites should be disabled.
    - Updating the Java™ SDK policy files
      AppScan® Enterprise provides Java™ SDK 7.0 that contains strong but limited jurisdiction policy files. Some key formats (such as PKCS #12) that are provided by a Certificate Authority (CA) might be protected with algorithms that are not provided with the limited policy files in Java SDK 7.0. Before you replace self-signed certificates with CA-issued certificates, update your Java SDK policy files.
    - Securing the SQL Server database
      Depending on whether you have the Enterprise or Standard version of SQL Server, securing your data is a critical database maintenance practice.
      - Securing the connection from AppScan® Enterprise to SQL Server
        This procedure describes how to install a certificate on a computer that is running Microsoft™ SQL Server by using Microsoft Management Console (MMC) and describes how to enable SSL Encryption at the server.
      - Data protection through encryption
        Data that is stored on a physical media can be a target of unauthorized access attack. The physical media might be stolen, or the data might be accessed remotely. While you can use physical and computer security methods to protect your data from these types of attacks, encrypting the data offers more protection by preventing an attacker from reading the stolen files.
      - Enabling TDE on SQL Server Enterprise Edition
        Enabling TDE on Enterprise version of SQL Server for securing your data by encryption.
        Enabling Transparent Data Encryption on SQL Server databases
        SQL Server has a built-in encryption TDE mechanism (Transparent Data Encryption) encrypts the data residing in the database or in backups on physical media.
        How the script enables TDE on SQL Server
        The script is a convenient way to perform end-to-end steps required to configure TDE on a user database.
        Tasks related to Transparent Data Encryption on SQL Server
        The articles listed below provide further details that should be part of your SQL Server database maintenance plan.
        Moving a TDE-protected database to another SQL Server
        Follow these steps when you need to restore or move a TDE-protected database to another server.
      - Using Encrypting File System on SQL Server Standard Edition
        Encrypting database file using the Encrypting File System (EFS) method on Standard version of SQL Server.
  - Support for FIPS 140-2 and NIST SP800-131a security standards
    The National Institute of Standards and Technology (NIST) is the US federal technology agency that works with industry to develop and apply technology, measurements, and standards. AppScan® Enterprise Server can be configured to work with various security standards to meet security requirements required by the US government.
  - Authenticating with the Common Access Card (CAC)
    The Common Access Card is the standard identification for active duty uniformed service personnel, Selected Reserve, DoD civilian employees, and eligible contractor personnel in the United States. It is used to enable physical access to buildings and controlled spaces, and provides access to DoD computer networks and systems. The CAC can be used for access into computers and networks that are equipped with various smart card readers. When it is inserted into the reader, the device asks the user for a PIN. This task helps you set up AppScan® Enterprise to allow CAC authentication over LDAP so that users can log in to AppScan Enterprise without providing a user name and password.
- Advanced installation scenarios

How the script enables TDE on SQL Server

The script is a convenient way to perform end-to-end steps required to configure TDE on a user database.

Create the master key, if required.
TDE requires that a master key be created in the [master] database. Each database server can only have one master key that is shared amongst all user databases. The password must be provided in the script in this step. If the master key does not already exist, it will be created with the provided password.
Open the master key.
The master key must be open to perform the subsequent steps. This step ensures the master key is open before continuing. In cases where a master key is already present on the database server this step verifies that the password entered matches the password used to initially create the master key.
Create the 'AppScan' certificate.
A certificate is created to be used by all AppScan® Enterprise databases on this database server. The name of the certificate is 'APPSCAN_ENT_CERT'.
Once the certificate is created, it is immediately backed up. This step generates two files: AppScanEntCert.bak and AppScanEntCert.pvk. The file are stored with the database .mdf file in the relevant location:
- (SQL 2014) C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\DATA
- (SQL 2012) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\DATA
Associate the AppScan® certificate with the AppScan® Enterprise database.
This step creates an encryption key on the database based on the certificate created in Step 3.
Enable encryption.
This step enables encryption on the AppScan® Enterprise database.
Test and display results
A message is printed to the 'Messages' view in SQL Management Studio indicating if the previous steps were successful, and displays the percentage of TDE completion.