Home
Administering
Learn how to administer the product.
Preparing for Security Testing
Learn how to prepare for security testing in AppScan Enterprise.
Creating and Importing Security Test Policies
Learn how to create and import security test policies in AppScan Enterprise.
Defining the servers to test and the security tests to perform
Job Administrators are assigned security test policies and server groups by a Product Administrator. Security test policies define what tests they can perform; server groups define which applications/servers they can run those tests against.

Administering
Learn how to administer the product.
- Managing users, groups, and access permissions
  Learn how to manage user groups and access permission.
- SAML Single Sign-On in AppScan Enterprise
- Configuring and downloading log files for Enterprise Console and AppScan Server
  Administrators can configure the settings for log files for the Enterprise Console and AppScan Server and download them when they need to troubleshoot issues. This function eliminates the need to search the file system of the computer where the Enterprise Console or AppScan Server is installed.
- Resetting Service Account Password in AppScan Enterprise through the ASE AdminUtil tool
  The AdminUtil tool helps users to avoid rerun the configuration wizard on the AppScan Enterprise Server and the DAST Scanner(s) to reset the password. You can run the utility in two modes - Interactive mode and Silent mode. For more information about resetting service account password through interactive mode, see Resetting Service Account Password in AppScan Enterprise through the ASE AdminUtil tool in silent mode
- Resetting Service Account Password in AppScan Enterprise through the ASE AdminUtil tool in silent mode
  The AppScan Enterprise (ASE) AdminUtil tool helps users to avoid rerun the configuration wizard on the AppScan Enterprise Server, IAST Communication service, DAST scanner(s), Database service, and Alert services to reset the password of service account. You can achieve this by running the utility in two modes - Interactive mode and Silent mode. For more information about resetting service account password through interactive mode, see Resetting Service Account Password in AppScan Enterprise through the ASE AdminUtil tool
- Monitoring AppScan Enterprise usage
  Create an Activity Log report to determine who is using AppScan Enterprise and what they are doing with it. The report lists the users that made changes and when the changes were made. Because the log is always recording activity, all you must do is create the report. Only Administrators can create the Activity Log report; however, any user can be given access to it as part of a report pack's properties. If you do not want other users to see the Activity Log report, change `All Other Users' to No Access on the Users and Groups page for the report pack.
- Managing a server
  Product Administrators are responsible for managing each server to its optimal performance.
- Managing the scan queue
  See the status of scan jobs currently running or waiting to run so that you can prioritize the order in which your key scan jobs run. For example, you might have scan jobs that are part of a time-sensitive deliverable, like a holiday shopping special. You can move them to the top of the queue to make sure that they are prioritized first in the schedule.
- Updating security rules
  The security rules are updated as a part of your AppScan® Enterprise releases. You can verify the version and release date of the security rules by looking in the About link in the AppScan Enterprise main menu.
- Importing user-defined tests from AppScan Standard
  AppScan® Standard provides a database of thousands of tests. However, if your web application has issues that are specific to it, or if you want to write your own advisories for fixing issues, you can create your own tests. These tests are saved and included in your AppScan database of tests. You can also export them as a *.udt file to import into AppScan Enterprise.
- Maintaining your SQL Server database
  SQL Server database maintenance includes upgrading SQL servers, SQL database backup, log file configuration, and database usage.
- Preparing for Security Testing
  Learn how to prepare for security testing in AppScan Enterprise.
  - Creating a server group
    A server group is a group of items that can be tested as a unit; the same security tests will be applied to all the servers in the group. A server group can be any combination of domains and IP addresses.
  - Enabling and disabling IP addresses to scan
    If you want to enable or disable your address ranges (which will affect the entire installation), you can do so. You might disable a range of addresses if you had servers that were in the process of being backed up. In this case, you can prevent anyone from running security tests on the servers by disabling the IP address range of the servers. Another method of restricting IP address testing is at the user level through the application of server groups.
  - Creating and Importing Security Test Policies
    Learn how to create and import security test policies in AppScan Enterprise.
    - Security test policies
      A security test policy is a predefined set of security tests. Users must be assigned both a server group and a test policy before they can perform security scans.
    - Creating a simple security test policy
      The Simple security test policy is the default test policy. It defines tests at a high level. You can create and edit simple test policies and assign them to server groups. Then you can assign server group/test policy combinations to users to use during security scanning.
    - Importing an advanced security test policy from AppScan® Standard
      Use Advanced security test policies to test down to the variant level of a vulnerability, giving you complete control over the test sent during a scan. You can import advanced security test policies from AppScan® Standard Edition 7.5 (or higher) and assign them to server groups.
    - Re-importing advanced security test policies
      For those times when you must re-import a security test policy file from AppScan® Standard, you can re-import it without affecting your workflow.
    - Defining the servers to test and the security tests to perform
      Job Administrators are assigned security test policies and server groups by a Product Administrator. Security test policies define what tests they can perform; server groups define which applications/servers they can run those tests against.
    - Assigning security test policies and server groups to users
      After you have created your server groups (what you want to test) and your security test policies (what tests you want to perform), you must assign them to users. Users can only run security tests on the server groups that you assign to them. If they do not have any test policies assigned to them, they cannot perform security scans.
- Creating scan templates
  Learn how to create scan templates in AppScan Enterprise.

Defining the servers to test and the security tests to perform

Job Administrators are assigned security test policies and server groups by a Product Administrator. Security test policies define what tests they can perform; server groups define which applications/servers they can run those tests against.

Before you begin

Note:

The test policies that are available depend on what the Product Administrator has assigned to you.
Each test policy is associated with a certain server group, so changing the test policy changes the server group.

About this task

Your user properties list the security test policies and server groups that have been assigned to you. When a Job Administrator creates a job, its security test policies and server groups are predetermined. However, other Job Administrators can change what tests the job can run and which applications it can test. Any other Job Administrator can "take ownership" of the job. When a Job Administrator takes ownership of a job, the available security test policies and server groups become those of the new Job Administrator.

Procedure

Go to the Folder Content Summary, select the job, and click Edit.
On the General Properties page, click Select Job Owner, and choose yourself as the new job owner.
Click Select Job Owner > Save.

What to do next

Assigning security test policies and server groups to users