Home
Installing
Learn how to install the product.
Post installation tasks
After you install AppScan® Enterprise, complete these postinstallation tasks.
Securing the deployment
Follow these steps during installation and configuration to ensure your AppScan® Enterprise instance is secure.
Securing the SQL Server database
Depending on whether you have the Enterprise or Standard version of SQL Server, securing your data is a critical database maintenance practice.
Enabling TDE on SQL Server Enterprise Edition
Enabling TDE on Enterprise version of SQL Server for securing your data by encryption.
Moving a TDE-protected database to another SQL Server
Follow these steps when you need to restore or move a TDE-protected database to another server.

Installing
Learn how to install the product.
- Planning the deployment and installation
  The configuration you use depends on a number of factors: what you plan to do with the software, how your organization and website or applications are structured, and how the information is to be distributed. Before you install the current release, review the information about hardware and software requirements, licensing, and other deployment considerations.
- Preinstallation tasks
  Before you install AppScan® Enterprise, you will need to prepare and configure your system.
- Installation tasks
  This section provides the instructions for installing AppScan® Enterprise.
- Post installation tasks
  After you install AppScan® Enterprise, complete these postinstallation tasks.
  - Postinstallation checklist
    After you install AppScan® Enterprise, review and complete all of the necessary tasks on the postinstallation checklist.
  - Verifying the agent service and alerting service installation
    During installation, two services were installed: the Agent Service and the Alert Service. You need to ensure that these services have been installed and are started. If the agent service is not started, any jobs that users create will not be picked up and run by the Server. If the alerting service is not started, any alerts that have been configured for users will not be issued. Make sure that only one instance of the alerting service is installed; otherwise, duplicate notifications might be sent out.
  - Configuring a basic user registry for the Liberty profile
  - Securing the deployment
    Follow these steps during installation and configuration to ensure your AppScan® Enterprise instance is secure.
    - Trusting the certificate authority
      If your certificate is not from a trusted authority, you will need to trust it on your client machine.
    - Disabling weak cipher suites in IIS
      By default, IIS is installed with 2 weak SSL 2.0 cipher suites that are enabled: SSL2_RC4_128_WITH_MD5 and SSL2_DES_192_EDE3_CBC_WITH_MD5. This can impact the security of AppScan Enterprise, and the cipher suites should be disabled.
    - Updating the Java™ SDK policy files
      AppScan® Enterprise provides Java™ SDK 7.0 that contains strong but limited jurisdiction policy files. Some key formats (such as PKCS #12) that are provided by a Certificate Authority (CA) might be protected with algorithms that are not provided with the limited policy files in Java SDK 7.0. Before you replace self-signed certificates with CA-issued certificates, update your Java SDK policy files.
    - Securing the SQL Server database
      Depending on whether you have the Enterprise or Standard version of SQL Server, securing your data is a critical database maintenance practice.
      - Securing the connection from AppScan® Enterprise to SQL Server
        This procedure describes how to install a certificate on a computer that is running Microsoft™ SQL Server by using Microsoft Management Console (MMC) and describes how to enable SSL Encryption at the server.
      - Data protection through encryption
        Data that is stored on a physical media can be a target of unauthorized access attack. The physical media might be stolen, or the data might be accessed remotely. While you can use physical and computer security methods to protect your data from these types of attacks, encrypting the data offers more protection by preventing an attacker from reading the stolen files.
      - Enabling TDE on SQL Server Enterprise Edition
        Enabling TDE on Enterprise version of SQL Server for securing your data by encryption.
        Enabling Transparent Data Encryption on SQL Server databases
        SQL Server has a built-in encryption TDE mechanism (Transparent Data Encryption) encrypts the data residing in the database or in backups on physical media.
        Tasks related to Transparent Data Encryption on SQL Server
        The articles listed below provide further details that should be part of your SQL Server database maintenance plan.
        Moving a TDE-protected database to another SQL Server
        Follow these steps when you need to restore or move a TDE-protected database to another server.
      - Using Encrypting File System on SQL Server Standard Edition
        Encrypting database file using the Encrypting File System (EFS) method on Standard version of SQL Server.
  - Support for FIPS 140-2 and NIST SP800-131a security standards
    The National Institute of Standards and Technology (NIST) is the US federal technology agency that works with industry to develop and apply technology, measurements, and standards. AppScan® Enterprise Server can be configured to work with various security standards to meet security requirements required by the US government.
  - Authenticating with the Common Access Card (CAC)
    The Common Access Card is the standard identification for active duty uniformed service personnel, Selected Reserve, DoD civilian employees, and eligible contractor personnel in the United States. It is used to enable physical access to buildings and controlled spaces, and provides access to DoD computer networks and systems. The CAC can be used for access into computers and networks that are equipped with various smart card readers. When it is inserted into the reader, the device asks the user for a PIN. This task helps you set up AppScan® Enterprise to allow CAC authentication over LDAP so that users can log in to AppScan Enterprise without providing a user name and password.
- Advanced installation scenarios

Moving a TDE-protected database to another SQL Server

Follow these steps when you need to restore or move a TDE-protected database to another server.

Before you begin

Download this compressed file to the SQL Server machine: RestoreDBCertificate.zip. (If file doesn't download, right-click the link and save the file to your hard drive.)

Procedure

Copy the two certificate files (AppScanEntCert.bak and AppScanEntCert.pvk) that you created in the Enabling Transparent Data Encryption on SQL Server databases task to a location on your machine (for example, C:\Certificate\).
Open the SQL Management Studio of your SQL Server 2012 installation.
Go to the location where you downloaded the RestoreTDECertificate.zip file. Unzip the file and open the script. (File > Open > File). You will notice several commands that will be executed on the server.
Before you execute the script, you must set three fields for your environment (they are all marked with 'ACTION REQUIRED' in the comments section of the script):
- DECLARE @MKPassword: The Master Key Password used to create the master key in the [master] database where you enabled TDE
- DECLARE @BackupPassword: The password that was used to back up the certificate if it is different from @MKPassword
- DECLARE @Path: The path of the location that you copied the two files AppScanEntCert.bak and AppScanEntCert.pvk
After the fields have been updated, click Query > Execute to launch the script.

Results

After the script has completed, the result will be displayed in the 'Messages' window of SQL Management Studio. If you see the message: "The certificate is restored successfully, you can restore the database.", you should be able to restore the database on this SQL Server.