Securing the deployment

Follow these steps during installation and configuration to ensure your AppScan® Enterprise instance is secure.


  1. During configuration, choose a certificate specific to your organization in the Server Certificate dialog.
  2. To secure IIS on the Enterprise Console Server:
    1. Disable WebDAV.
    2. Disable the EnableTraceMethod. This method determines whether IIS recognizes the HTTP TRACE method. The TRACE method is used to invoke a remote, application-layer loop-back of a request message. TRACE allows a client to see what is being received at the other end of the request chain and use that data for testing and debugging information.
      Note: Do not leave EnableTraceMethod enabled on a production system, because it can reveal backend server address information to a malicious user.