Home
Installing
Learn how to install the product.
Post installation tasks
After you install AppScan® Enterprise, complete these postinstallation tasks.
Securing the deployment
Follow these steps during installation and configuration to ensure your AppScan® Enterprise instance is secure.
Securing the SQL Server database
Depending on whether you have the Enterprise or Standard version of SQL Server, securing your data is a critical database maintenance practice.
Using Encrypting File System on SQL Server Standard Edition
Encrypting database file using the Encrypting File System (EFS) method on Standard version of SQL Server.
Detaching, encrypting, and attaching a database encrypted with EFS
There might be times when you do not want to stop the SQL Server service during database encryption; for example, when there are several databases running on that service and you do not want them to be unavailable. You can detach, encrypt, and attach the database instead.

Installing
Learn how to install the product.
- Planning the deployment and installation
  The configuration you use depends on a number of factors: what you plan to do with the software, how your organization and website or applications are structured, and how the information is to be distributed. Before you install the current release, review the information about hardware and software requirements, licensing, and other deployment considerations.
- Preinstallation tasks
  Before you install AppScan® Enterprise, you will need to prepare and configure your system.
- Installation tasks
  This section provides the instructions for installing AppScan® Enterprise.
- Post installation tasks
  After you install AppScan® Enterprise, complete these postinstallation tasks.
  - Postinstallation checklist
    After you install AppScan® Enterprise, review and complete all of the necessary tasks on the postinstallation checklist.
  - Verifying the agent service and alerting service installation
    During installation, two services were installed: the Agent Service and the Alert Service. You need to ensure that these services have been installed and are started. If the agent service is not started, any jobs that users create will not be picked up and run by the Server. If the alerting service is not started, any alerts that have been configured for users will not be issued. Make sure that only one instance of the alerting service is installed; otherwise, duplicate notifications might be sent out.
  - Configuring a basic user registry for the Liberty profile
  - Securing the deployment
    Follow these steps during installation and configuration to ensure your AppScan® Enterprise instance is secure.
    - Trusting the certificate authority
      If your certificate is not from a trusted authority, you will need to trust it on your client machine.
    - Disabling weak cipher suites in IIS
      By default, IIS is installed with 2 weak SSL 2.0 cipher suites that are enabled: SSL2_RC4_128_WITH_MD5 and SSL2_DES_192_EDE3_CBC_WITH_MD5. This can impact the security of AppScan Enterprise, and the cipher suites should be disabled.
    - Updating the Java™ SDK policy files
      AppScan® Enterprise provides Java™ SDK 7.0 that contains strong but limited jurisdiction policy files. Some key formats (such as PKCS #12) that are provided by a Certificate Authority (CA) might be protected with algorithms that are not provided with the limited policy files in Java SDK 7.0. Before you replace self-signed certificates with CA-issued certificates, update your Java SDK policy files.
    - Securing the SQL Server database
      Depending on whether you have the Enterprise or Standard version of SQL Server, securing your data is a critical database maintenance practice.
      - Securing the connection from AppScan® Enterprise to SQL Server
        This procedure describes how to install a certificate on a computer that is running Microsoft™ SQL Server by using Microsoft Management Console (MMC) and describes how to enable SSL Encryption at the server.
      - Data protection through encryption
        Data that is stored on a physical media can be a target of unauthorized access attack. The physical media might be stolen, or the data might be accessed remotely. While you can use physical and computer security methods to protect your data from these types of attacks, encrypting the data offers more protection by preventing an attacker from reading the stolen files.
      - Enabling TDE on SQL Server Enterprise Edition
        Enabling TDE on Enterprise version of SQL Server for securing your data by encryption.
      - Using Encrypting File System on SQL Server Standard Edition
        Encrypting database file using the Encrypting File System (EFS) method on Standard version of SQL Server.
        Encrypting, backing up, and restoring a SQL Server database with EFS
        The Encrypting File System (EFS) is a feature of Microsoft™ Windows™ that lets you store information on your hard disk in an encrypted format. EFS enables transparent encryption and decryption of files by using advanced, standard cryptographic algorithms. Use this method to encrypt the database file if you have SQL Server Standard Edition 2008, 2008 SP3, 2008 R2 SP2, 2012, and 2014.
        Detaching, encrypting, and attaching a database encrypted with EFS
        There might be times when you do not want to stop the SQL Server service during database encryption; for example, when there are several databases running on that service and you do not want them to be unavailable. You can detach, encrypt, and attach the database instead.
  - Support for FIPS 140-2 and NIST SP800-131a security standards
    The National Institute of Standards and Technology (NIST) is the US federal technology agency that works with industry to develop and apply technology, measurements, and standards. AppScan® Enterprise Server can be configured to work with various security standards to meet security requirements required by the US government.
  - Authenticating with the Common Access Card (CAC)
    The Common Access Card is the standard identification for active duty uniformed service personnel, Selected Reserve, DoD civilian employees, and eligible contractor personnel in the United States. It is used to enable physical access to buildings and controlled spaces, and provides access to DoD computer networks and systems. The CAC can be used for access into computers and networks that are equipped with various smart card readers. When it is inserted into the reader, the device asks the user for a PIN. This task helps you set up AppScan® Enterprise to allow CAC authentication over LDAP so that users can log in to AppScan Enterprise without providing a user name and password.
- Advanced installation scenarios

Detaching, encrypting, and attaching a database encrypted with EFS

There might be times when you do not want to stop the SQL Server service during database encryption; for example, when there are several databases running on that service and you do not want them to be unavailable. You can detach, encrypt, and attach the database instead.

Before you begin

'The service account' must be used to log in to the SQL Server service and to encrypt any other databases on the same SQL Server.

Procedure

Go to Start > Administrative Tools > Services and stop the SQL Server service that hosts the AppScan® Enterprise database you are going to encrypt. The default service is SQL Server (MSSQLSERVER).
Right-click the name of the service to open the properties dialog. On the Log on tab, select This account, enter the credentials of the service account, and then click OK.
In the Services window, start the SQL Server that hosts the AppScan® Enterprise database.
In Windows™ Explorer, right-click the <databasename.mdf> file and go to Properties > General > Advanced > Encrypt contents to secure data, and click OK.
Open Microsoft™ SQL Server Management Studio and connect to the SQL Server that serves that database.
Under the 'Databases' tree, right-click the database you want to encrypt and click Tasks > Detach.
In the Detach Database window, if there are open connections, select the Drop Connections check box and click OK.
In Windows™ Explorer, right-click the <databasename.mdf> file and go to Properties > General > Advanced > Encrypt contents to secure data, and click OK.
Repeat Steps 3 and 4 for the <databasename.ldf> file.
In Microsoft™ SQL Server Management Studio, right-click the Databases tree, and choose Attach.
In the Attach Databases window, click Add and navigate to the encrypted <databasename.mdf> file. Select it and click OK > OK
Repeat Step 11 for the <databasename.ldf> file.