Security testing overview
You can run security tests using Rational AppScan Tester
Edition directly from the Quality Manager.
Configuring Rational AppScan Tester Edition
Rational AppScan Tester Edition is designed to help organizations distribute
responsibility for security testing among multiple stakeholders and to help users
test for vulnerabilities such as cross-site scripting, buffer overflows,
and SQL injection early in the Web application delivery lifecycle.
Configuring communication between AppScan and Rational Quality Manager
This wizard helps you install sample data in AppScan Tester Edition and
Rational Quality Manager, and configure two-way communication between AppScan
and Rational Quality Manager by providing defaults for a number of
configurable options.
Sample AppScan Data
When you run the Default Settings Wizard during the Rational AppScan Tester
Edition setup, you can populate the AppScan database with sample data, such
as scan templates, server groups (based on the servers and IP addresses listed
in your AppScan license),
and test policies for running security tests. If necessary, you can edit this
data later in AppScan.
You can also populate the database with Rational Quality Manager-specific sample
data that lets you get up and running quickly. It also gives you an overall
sense of how you can set up your own test plans and test scripts to scan for
security vulnerabilities in your environment.
Configuring Rational AppScan Tester Edition Adapter
To run Test Execution Records containing AppScan Tester Edition Test Scripts,
you must configure an adapter to pass execution information from Rational Quality
Manager to AppScan Tester Edition and vice versa. All external test tools use
this method to accept requests to run, and to deliver results back to Rational
Quality Manager. For AppScan Tester Edition, the adapter is located on the
Rational Quality Manager server itself.
Workflow for creating and running security tests
This topic provides a high-level workflow to create security tests
in Rational AppScan Tester Edition and to run them in Rational Quality Manager
as security test scripts.